[arch-commits] CVS update of core/base/kernel26 (PKGBUILD pre-2.6.24.2.patch)
Tobias Powalowski
tpowa at archlinux.org
Sun Feb 10 15:02:39 UTC 2008
Date: Sunday, February 10, 2008 @ 10:02:39
Author: tpowa
Path: /home/cvs-core/core/base/kernel26
Added: pre-2.6.24.2.patch (1.1)
Modified: PKGBUILD (1.289 -> 1.290)
'upgpgk: added fix for root exploit and latest stable patches from greg kroah repository'
--------------------+
PKGBUILD | 11 -
pre-2.6.24.2.patch | 415 +++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 423 insertions(+), 3 deletions(-)
Index: core/base/kernel26/PKGBUILD
diff -u core/base/kernel26/PKGBUILD:1.289 core/base/kernel26/PKGBUILD:1.290
--- core/base/kernel26/PKGBUILD:1.289 Fri Feb 8 17:23:24 2008
+++ core/base/kernel26/PKGBUILD Sun Feb 10 10:02:38 2008
@@ -1,10 +1,10 @@
-# $Id: PKGBUILD,v 1.289 2008/02/08 22:23:24 tpowa Exp $
+# $Id: PKGBUILD,v 1.290 2008/02/10 15:02:38 tpowa Exp $
# Maintainer: Tobias Powalowski <tpowa at archlinux.org>
# Maintainer: Thomas Baechler <thomas at archlinux.org>
pkgname=kernel26
_basekernel=2.6.24
pkgver=2.6.24.1
-pkgrel=1
+pkgrel=2
pkgdesc="The Linux Kernel and modules"
arch=(i686 x86_64)
license=('GPL2')
@@ -22,6 +22,7 @@
install=kernel26.install
source=(ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_basekernel.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
+ pre-2.6.24.2.patch
### next two lines only needed for rc kernel building
#http://www.kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.24-rc6.bz2
#http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.24-rc6-git2.bz2
@@ -61,6 +62,7 @@
)
md5sums=('3f23ad4b69d0a552042d1ed0f4399857'
'86d55d5080217b2e79e0fff227218cd1'
+ '276c1c801605b39dfab5badddbf97c66'
'97c28c42ef2bbf8c9c6464a1e09eaf90'
'3a2693f2793fd1a968a750dbf154ab57'
'6a5a1925501fe20fafd04fdb3cb4f6ed'
@@ -88,7 +90,10 @@
cd $startdir/src/linux-$_basekernel
# add upstream patch from 2.6.24 series
patch -Np1 -i ../patch-$pkgver || return 1
-
+
+ # add queued patches for 2.6.24 series
+ #http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
+ patch -Np1 -i ../pre-2.6.24.2.patch || return 1
### next 2 lines are only needed for rc kernels
#patch -Np1 -i ../patch-$pkgver-rc6 || return 1
#patch -Np1 -i ../patch-2.6.24-rc6-git2 || return 1
Index: core/base/kernel26/pre-2.6.24.2.patch
diff -u /dev/null core/base/kernel26/pre-2.6.24.2.patch:1.1
--- /dev/null Sun Feb 10 10:02:39 2008
+++ core/base/kernel26/pre-2.6.24.2.patch Sun Feb 10 10:02:39 2008
@@ -0,0 +1,415 @@
+diff --git a/fs/splice.c b/fs/splice.c
+index 14e2262..80beb2b 100644
+--- a/fs/splice.c
++++ b/fs/splice.c
+@@ -1237,6 +1237,11 @@ static int get_iovec_page_array(const struct iovec __user *iov,
+ if (unlikely(!base))
+ break;
+
++ if (!access_ok(VERIFY_READ, base, len)) {
++ error = -EFAULT;
++ break;
++ }
++
+ /*
+ * Get this base offset and number of pages, then map
+ * in the user pages.
+
+From stable-bounces at linux.kernel.org Fri Feb 8 11:02:37 2008
+From: Trond Myklebust <Trond.Myklebust at netapp.com>
+Date: Fri, 08 Feb 2008 14:01:02 -0500
+Subject: NFS: Fix a potential file corruption issue when writing
+To: stable at kernel.org
+Message-ID: <1202497262.8383.8.camel at heimdal.trondhjem.org>
+
+From: Trond Myklebust <Trond.Myklebust at netapp.com>
+
+patch 5d47a35600270e7115061cb1320ee60ae9bcb6b8 in mainline.
+
+If the inode is flagged as having an invalid mapping, then we can't rely on
+the PageUptodate() flag. Ensure that we don't use the "anti-fragmentation"
+write optimisation in nfs_updatepage(), since that will cause NFS to write
+out areas of the page that are no longer guaranteed to be up to date.
+
+A potential corruption could occur in the following scenario:
+
+client 1 client 2
+=============== ===============
+ fd=open("f",O_CREAT|O_WRONLY,0644);
+ write(fd,"fubar\n",6); // cache last page
+ close(fd);
+fd=open("f",O_WRONLY|O_APPEND);
+write(fd,"foo\n",4);
+close(fd);
+
+ fd=open("f",O_WRONLY|O_APPEND);
+ write(fd,"bar\n",4);
+ close(fd);
+-----
+The bug may lead to the file "f" reading 'fubar\n\0\0\0\nbar\n' because
+client 2 does not update the cached page after re-opening the file for
+write. Instead it keeps it marked as PageUptodate() until someone calls
+invalidate_inode_pages2() (typically by calling read()).
+
+The bug was introduced by commit 44b11874ff583b6e766a05856b04f3c492c32b84
+"NFS: Separate metadata and page cache revalidation mechanisms"
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+---
+ fs/nfs/write.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+--- a/fs/nfs/write.c
++++ b/fs/nfs/write.c
+@@ -701,6 +701,17 @@ int nfs_flush_incompatible(struct file *
+ }
+
+ /*
++ * If the page cache is marked as unsafe or invalid, then we can't rely on
++ * the PageUptodate() flag. In this case, we will need to turn off
++ * write optimisations that depend on the page contents being correct.
++ */
++static int nfs_write_pageuptodate(struct page *page, struct inode *inode)
++{
++ return PageUptodate(page) &&
++ !(NFS_I(inode)->cache_validity & (NFS_INO_REVAL_PAGECACHE|NFS_INO_INVALID_DATA));
++}
++
++/*
+ * Update and possibly write a cached page of an NFS file.
+ *
+ * XXX: Keep an eye on generic_file_read to make sure it doesn't do bad
+@@ -721,10 +732,13 @@ int nfs_updatepage(struct file *file, st
+ (long long)(page_offset(page) +offset));
+
+ /* If we're not using byte range locks, and we know the page
+- * is entirely in cache, it may be more efficient to avoid
+- * fragmenting write requests.
++ * is up to date, it may be more efficient to extend the write
++ * to cover the entire page in order to avoid fragmentation
++ * inefficiencies.
+ */
+- if (PageUptodate(page) && inode->i_flock == NULL && !(file->f_mode & O_SYNC)) {
++ if (nfs_write_pageuptodate(page, inode) &&
++ inode->i_flock == NULL &&
++ !(file->f_mode & O_SYNC)) {
+ count = max(count + offset, nfs_page_length(page));
+ offset = 0;
+ }
+From stable-bounces at linux.kernel.org Fri Feb 8 04:19:02 2008
+From: Ulisses Furquim <ulissesf at gmail.com>
+Date: Fri, 08 Feb 2008 04:18:16 -0800
+Subject: inotify: fix check for one-shot watches before destroying them
+To: torvalds at linux-foundation.org
+Cc: rlove at google.com, clem.taylor at gmail.com, stable at kernel.org, amy.griffis at hp.com, ttb at tentacle.dhs.org, akpm at linux-foundation.org, ulissesf at gmail.com
+Message-ID: <200802081217.m18CHvXc023553 at imap1.linux-foundation.org>
+
+From: Ulisses Furquim <ulissesf at gmail.com>
+
+patch ac74c00e499ed276a965e5b5600667d5dc04a84a in mainline.
+
+As the IN_ONESHOT bit is never set when an event is sent we must check it
+in the watch's mask and not in the event's mask.
+
+Signed-off-by: Ulisses Furquim <ulissesf at gmail.com>
+Reported-by: "Clem Taylor" <clem.taylor at gmail.com>
+Tested-by: "Clem Taylor" <clem.taylor at gmail.com>
+Cc: Amy Griffis <amy.griffis at hp.com>
+Cc: Robert Love <rlove at google.com>
+Cc: John McCutchan <ttb at tentacle.dhs.org>
+Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+
+---
+ fs/inotify_user.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/inotify_user.c
++++ b/fs/inotify_user.c
+@@ -269,7 +269,7 @@ static void inotify_dev_queue_event(stru
+ /* we can safely put the watch as we don't reference it while
+ * generating the event
+ */
+- if (mask & IN_IGNORED || mask & IN_ONESHOT)
++ if (mask & IN_IGNORED || w->mask & IN_ONESHOT)
+ put_inotify_watch(w); /* final put */
+
+ /* coalescing: drop this event if it is a dupe of the previous */
+From stable-bounces at linux.kernel.org Fri Feb 8 04:19:17 2008
+From: Nishanth Aravamudan <nacc at us.ibm.com>
+Date: Fri, 08 Feb 2008 04:18:18 -0800
+Subject: hugetlb: add locking for overcommit sysctl
+To: torvalds at linux-foundation.org
+Cc: wli at holomorphy.com, agl at us.ibm.com, nacc at us.ibm.com, akpm at linux-foundation.org, stable at kernel.org, david at gibson.dropbear.id.au
+Message-ID: <200802081217.m18CHxwe023557 at imap1.linux-foundation.org>
+
+
+From: Nishanth Aravamudan <nacc at us.ibm.com>
+
+patch a3d0c6aa1bb342b9b2c7b123b52ac2f48a4d4d0a in mainline.
+
+When I replaced hugetlb_dynamic_pool with nr_overcommit_hugepages I used
+proc_doulongvec_minmax() directly. However, hugetlb.c's locking rules
+require that all counter modifications occur under the hugetlb_lock. Add a
+callback into the hugetlb code similar to the one for nr_hugepages. Grab
+the lock around the manipulation of nr_overcommit_hugepages in
+proc_doulongvec_minmax().
+
+Signed-off-by: Nishanth Aravamudan <nacc at us.ibm.com>
+Acked-by: Adam Litke <agl at us.ibm.com>
+Cc: David Gibson <david at gibson.dropbear.id.au>
+Cc: William Lee Irwin III <wli at holomorphy.com>
+Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+
+---
+ include/linux/hugetlb.h | 1 +
+ kernel/sysctl.c | 2 +-
+ mm/hugetlb.c | 10 ++++++++++
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+--- a/include/linux/hugetlb.h
++++ b/include/linux/hugetlb.h
+@@ -17,6 +17,7 @@ static inline int is_vm_hugetlb_page(str
+ }
+
+ int hugetlb_sysctl_handler(struct ctl_table *, int, struct file *, void __user *, size_t *, loff_t *);
++int hugetlb_overcommit_handler(struct ctl_table *, int, struct file *, void __user *, size_t *, loff_t *);
+ int hugetlb_treat_movable_handler(struct ctl_table *, int, struct file *, void __user *, size_t *, loff_t *);
+ int copy_hugetlb_page_range(struct mm_struct *, struct mm_struct *, struct vm_area_struct *);
+ int follow_hugetlb_page(struct mm_struct *, struct vm_area_struct *, struct page **, struct vm_area_struct **, unsigned long *, int *, int, int);
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -910,7 +910,7 @@ static struct ctl_table vm_table[] = {
+ .data = &nr_overcommit_huge_pages,
+ .maxlen = sizeof(nr_overcommit_huge_pages),
+ .mode = 0644,
+- .proc_handler = &proc_doulongvec_minmax,
++ .proc_handler = &hugetlb_overcommit_handler,
+ },
+ #endif
+ {
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -605,6 +605,16 @@ int hugetlb_treat_movable_handler(struct
+ return 0;
+ }
+
++int hugetlb_overcommit_handler(struct ctl_table *table, int write,
++ struct file *file, void __user *buffer,
++ size_t *length, loff_t *ppos)
++{
++ spin_lock(&hugetlb_lock);
++ proc_doulongvec_minmax(table, write, file, buffer, length, ppos);
++ spin_unlock(&hugetlb_lock);
++ return 0;
++}
++
+ #endif /* CONFIG_SYSCTL */
+
+ int hugetlb_report_meminfo(char *buf)
+From stable-bounces at linux.kernel.org Fri Feb 8 04:30:29 2008
+From: Jan Kara <jack at suse.cz>
+Date: Fri, 08 Feb 2008 04:22:13 -0800
+Subject: quota: turn quotas off when remounting read-only
+To: torvalds at linux-foundation.org
+Cc: akpm at linux-foundation.org, jack at suse.cz, stable at kernel.org
+Message-ID: <200802081221.m18CLtGt024628 at imap1.linux-foundation.org>
+
+
+From: Jan Kara <jack at suse.cz>
+
+patch 66191dc622f5ff0a541524c4e96fdacfacfda206 in mainline.
+
+Turn off quotas before filesystem is remounted read only. Otherwise quota
+will try to write to read-only filesystem which does no good... We could
+also just refuse to remount ro when quota is enabled but turning quota off
+is consistent with what we do on umount.
+
+Signed-off-by: Jan Kara <jack at suse.cz>
+Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+---
+ fs/super.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/super.c
++++ b/fs/super.c
+@@ -603,6 +603,7 @@ int do_remount_sb(struct super_block *sb
+ mark_files_ro(sb);
+ else if (!fs_may_remount_ro(sb))
+ return -EBUSY;
++ DQUOT_OFF(sb);
+ }
+
+ if (sb->s_op->remount_fs) {
+From stable-bounces at linux.kernel.org Tue Feb 5 15:52:50 2008
+From: David Chinner <dgc at sgi.com>
+Date: Wed, 6 Feb 2008 10:52:15 +1100
+Subject: XFS: Fix oops in xfs_file_readdir()
+To: stable at kernel.org
+Cc: greg at kroah.com, chris at sous-sol.org
+Message-ID: <20080205235215.GY155259 at sgi.com>
+Content-Disposition: inline
+
+From: David Chinner <dgc at sgi.com>
+
+patch 450790a2c51e6d9d47ed30dbdcf486656b8e186f in mainline.
+
+Several occurrences of oops in xfs_file_readdir() on ia32 have been
+reported since 2.6.24 was released. This is a regression introduced
+in 2.6.24 and is relatively easy to hit. The patch below fixes the
+problem.
+
+
+Signed-off-by: Dave Chinner <dgc at sgi.com>
+Signed-off-by: Lachlan McIlroy <lachlan at sgi.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+---
+ fs/xfs/linux-2.6/xfs_file.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/fs/xfs/linux-2.6/xfs_file.c
++++ b/fs/xfs/linux-2.6/xfs_file.c
+@@ -350,8 +350,8 @@ xfs_file_readdir(
+
+ size = buf.used;
+ de = (struct hack_dirent *)buf.dirent;
+- curr_offset = de->offset /* & 0x7fffffff */;
+ while (size > 0) {
++ curr_offset = de->offset /* & 0x7fffffff */;
+ if (filldir(dirent, de->name, de->namlen,
+ curr_offset & 0x7fffffff,
+ de->ino, de->d_type)) {
+@@ -362,7 +362,6 @@ xfs_file_readdir(
+ sizeof(u64));
+ size -= reclen;
+ de = (struct hack_dirent *)((char *)de + reclen);
+- curr_offset = de->offset /* & 0x7fffffff */;
+ }
+ }
+
+From stable-bounces at linux.kernel.org Thu Jan 31 23:06:27 2008
+From: Al Viro <viro at ZenIV.linux.org.uk>
+Date: Fri, 1 Feb 2008 07:05:44 +0000
+Subject: Fix dl2k constants
+To: Jeff Garzik <jgarzik at pobox.com>
+Cc: Linus Torvalds <torvalds at linux-foundation.org>, stable at kernel.org
+Message-ID: <20080201070544.GL27894 at ZenIV.linux.org.uk>
+Content-Disposition: inline
+
+
+patch 9c52fab2f187636b39afb0dcf562872ed42ab608 in mainline.
+
+The MSSR constants didn't match the reality - bitfield declarations
+used to be correct (1000BT_FD - bit 11, 1000BT_HD - bit 10), but enum
+had them the other way round. Went unnoticed until the switch from
+the bitfields use to the explicit arithmetics and I hadn't caught that one
+when verifying correctness of change...
+
+Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+---
+ drivers/net/dl2k.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/dl2k.h
++++ b/drivers/net/dl2k.h
+@@ -388,8 +388,8 @@ enum _mii_mssr {
+ MII_MSSR_CFG_RES = 0x4000,
+ MII_MSSR_LOCAL_RCV_STATUS = 0x2000,
+ MII_MSSR_REMOTE_RCVR = 0x1000,
+- MII_MSSR_LP_1000BT_HD = 0x0800,
+- MII_MSSR_LP_1000BT_FD = 0x0400,
++ MII_MSSR_LP_1000BT_FD = 0x0800,
++ MII_MSSR_LP_1000BT_HD = 0x0400,
+ MII_MSSR_IDLE_ERR_COUNT = 0x00ff,
+ };
+
+From 366c246de9cec909c5eba4f784c92d1e75b4dc38 Mon Sep 17 00:00:00 2001
+From: James Bottomley <James.Bottomley at HansenPartnership.com>
+Date: Sat, 2 Feb 2008 16:06:23 -0600
+Subject: SCSI: sd: handle bad lba in sense information
+
+From: James Bottomley <James.Bottomley at HansenPartnership.com>
+
+patch 366c246de9cec909c5eba4f784c92d1e75b4dc38 in mainline.
+
+Some devices report medium error locations incorrectly. Add guards to
+make sure the reported bad lba is actually in the request that caused
+it. Additionally remove the large case statment for sector sizes and
+replace it with the proper u64 divisions.
+
+Tested-by: Mike Snitzer <snitzer at gmail.com>
+Cc: Stable Tree <stable at kernel.org>
+Cc: Tony Battersby <tonyb at cybernetics.com>
+Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+---
+ drivers/scsi/sd.c | 34 ++++++++++++++++------------------
+ 1 file changed, 16 insertions(+), 18 deletions(-)
+
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -907,6 +907,7 @@ static int sd_done(struct scsi_cmnd *SCp
+ unsigned int xfer_size = SCpnt->request_bufflen;
+ unsigned int good_bytes = result ? 0 : xfer_size;
+ u64 start_lba = SCpnt->request->sector;
++ u64 end_lba = SCpnt->request->sector + (xfer_size / 512);
+ u64 bad_lba;
+ struct scsi_sense_hdr sshdr;
+ int sense_valid = 0;
+@@ -945,26 +946,23 @@ static int sd_done(struct scsi_cmnd *SCp
+ goto out;
+ if (xfer_size <= SCpnt->device->sector_size)
+ goto out;
+- switch (SCpnt->device->sector_size) {
+- case 256:
++ if (SCpnt->device->sector_size < 512) {
++ /* only legitimate sector_size here is 256 */
+ start_lba <<= 1;
+- break;
+- case 512:
+- break;
+- case 1024:
+- start_lba >>= 1;
+- break;
+- case 2048:
+- start_lba >>= 2;
+- break;
+- case 4096:
+- start_lba >>= 3;
+- break;
+- default:
+- /* Print something here with limiting frequency. */
+- goto out;
+- break;
++ end_lba <<= 1;
++ } else {
++ /* be careful ... don't want any overflows */
++ u64 factor = SCpnt->device->sector_size / 512;
++ do_div(start_lba, factor);
++ do_div(end_lba, factor);
+ }
++
++ if (bad_lba < start_lba || bad_lba >= end_lba)
++ /* the bad lba was reported incorrectly, we have
++ * no idea where the error is
++ */
++ goto out;
++
+ /* This computation should always be done in terms of
+ * the resolution of the device's medium.
+ */
More information about the arch-commits
mailing list