linux-stable.git/arch, branch linux-2.6.12.y Linux kernel stable tree [PATCH] Update in-kernel zlib routines (CAN-2005-2458, CAN-2005-2459) 2005-08-15T00:20:09+00:00 Tim Yamin plasmaroo@gentoo.org 2005-07-25T22:16:13+00:00 885605316d76c3fdce23dffe9c59e20539287c6b Fix outstanding security bugs in the Linux zlib implementations. See: a) http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html CAN-2005-2458 b) http://bugs.gentoo.org/show_bug.cgi?id=94584 CAN-2005-2459 Signed-off-by: Tim Yamin <plasmaroo@gentoo.org> Signed-off-by: Tavis Ormandy <taviso@gentoo.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
Fix outstanding security bugs in the Linux zlib implementations. See:

a) http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
CAN-2005-2458

b) http://bugs.gentoo.org/show_bug.cgi?id=94584
CAN-2005-2459

Signed-off-by: Tim Yamin <plasmaroo@gentoo.org>
Signed-off-by: Tavis Ormandy <taviso@gentoo.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] x86_64: Fixing smpboot timing problem 2005-08-15T00:20:08+00:00 Andi Kleen ak@suse.de 2005-08-10T01:40:42+00:00 8f5a9b18ec1b8af04a8d9e1fcce04cf8dbb08019 This patch fixes the SMP boot timing problem that hit various people and was introduced in 2.6.12. Please apply to stable. >From Eric Biederman sync_tsc was using smp_call_function to ask the boot processor to report it's tsc value. smp_call_function performs an IPI_send_allbutself which is a broadcast ipi. There is a window during processor startup during which the target cpu has started and before it has initialized it's interrupt vectors so it can properly process an interrupt. Receveing an interrupt during that window will triple fault the cpu and do other nasty things. Why cli does not protect us from that is beyond me. The simple fix is to match ia64 and provide a smp_call_function_single. Which avoids the broadcast and is more efficient. This certainly fixes the problem of getting stuck on boot which was very easy to trigger on my SMP Hyperthreaded Xeon, and I think it fixes it for the right reasons. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
This patch fixes the SMP boot timing problem that hit various people and was
introduced in 2.6.12. Please apply to stable.

>From Eric Biederman

sync_tsc was using smp_call_function to ask the boot processor
to report it's tsc value.  smp_call_function performs an IPI_send_allbutself
which is a broadcast ipi.  There is a window during processor startup during
which the target cpu has started and before it has initialized it's interrupt
vectors so it can properly process an interrupt.  Receveing an interrupt
during that window will triple fault the cpu and do other nasty things.

Why cli does not protect us from that is beyond me.

The simple fix is to match ia64 and provide a smp_call_function_single.
Which avoids the broadcast and is more efficient.

This certainly fixes the problem of getting stuck on boot which was
very easy to trigger on my SMP Hyperthreaded Xeon, and I think
it fixes it for the right reasons.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] Fix SRAT for non dual core AMD systems 2005-08-15T00:20:08+00:00 Andi Kleen ak@suse.de 2005-08-08T16:47:19+00:00 4491f6fe1c32fc8de79ceb3b57e90647aaca8cdb Patch for 2.6.12-STABLE This fixes a bug in SRAT handling on AMD systems that was introduced with the dual core support. It would be disabled on CPUs without dual core. Just drop the bogus check. Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
Patch for 2.6.12-STABLE

This fixes a bug in SRAT handling on AMD systems that was introduced
with the dual core support. It would be disabled on CPUs without dual core.
Just drop the bogus check.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] Fix powernow oops on dual-core athlon 2005-08-05T07:04:25+00:00 Dave Jones davej@redhat.com 2005-07-30T20:30:30+00:00 2d0c661b972f94baa8fd5f80b3f49e76056fdf79 Date: Thu, 28 Jul 2005 16:38:21 +0000 (-0700) Subject: powernow-k8 requires that a data structure for X-Git-Tag: v2.6.13-rc4 X-Git-Url: http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03938c3f1062b0f279a0ef937a471d4db83702ed powernow-k8 requires that a data structure for each core be created in the _cpu_init function call. The cpufreq infrastructure doesn't call _cpu_init for the second core in each processor. Some systems crashed when _get was called with an odd-numbered core because it tried to dereference a NULL pointer since the data structure had not been created. The attached patch solves the problem by initializing data structures for all shared cores in the _cpu_init function. It should apply to 2.6.12-rc6 and has been tested by AMD and Sun. Signed-off-by: Mark Langsdorf <mark.langsdorf@amd.com> Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Chris Wright <chrisw@osdl.org> 
Date: Thu, 28 Jul 2005 16:38:21 +0000 (-0700)
Subject: powernow-k8 requires that a data structure for
X-Git-Tag: v2.6.13-rc4
X-Git-Url: http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03938c3f1062b0f279a0ef937a471d4db83702ed

powernow-k8 requires that a data structure for
each core be created in the _cpu_init function
call.  The cpufreq infrastructure doesn't call
_cpu_init for the second core in each processor.
Some systems crashed when _get was called with
an odd-numbered core because it tried to
dereference a NULL pointer since the data
structure had not been created.

The attached patch solves the problem by
initializing data structures for all shared
cores in the _cpu_init function.  It should
apply to 2.6.12-rc6 and has been tested by
AMD and Sun.

Signed-off-by: Mark Langsdorf <mark.langsdorf@amd.com>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] sys_get_thread_area does not clear the returned argument 2005-08-05T07:04:23+00:00 Blaisorblade blaisorblade@yahoo.it 2005-07-30T19:07:02+00:00 685dd5ff54ea9b3333df75427bd91d9601813c23 CC: <stable@kernel.org> sys_get_thread_area does not memset to 0 its struct user_desc info before copying it to user space... since sizeof(struct user_desc) is 16 while the actual datas which are filled are only 12 bytes + 9 bits (across the bitfields), there is a (small) information leak. This was already committed to Linus' repository. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Chris Wright <chrisw@osdl.org> 
CC: <stable@kernel.org>

sys_get_thread_area does not memset to 0 its struct user_desc info before
copying it to user space...  since sizeof(struct user_desc) is 16 while the
actual datas which are filled are only 12 bytes + 9 bits (across the
bitfields), there is a (small) information leak.

This was already committed to Linus' repository.

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] x86_64 memleak from malicious 32bit elf program 2005-08-05T07:04:16+00:00 Siddha, Suresh B suresh.b.siddha@intel.com 2005-07-16T02:17:44+00:00 691162d638928856e23f21d122aa39de47a494e4 malicious 32bit app can have an elf section at 0xffffe000. During exec of this app, we will have a memory leak as insert_vm_struct() is not checking for return value in syscall32_setup_pages() and thus not freeing the vma allocated for the vsyscall page. Check the return value and free the vma incase of failure. Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
malicious 32bit app can have an elf section at 0xffffe000.  During
exec of this app, we will have a memory leak as insert_vm_struct() is
not checking for return value in syscall32_setup_pages() and thus not
freeing the vma allocated for the vsyscall page.

Check the return value and free the vma incase of failure.

Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] uml: fix TT mode by reverting "use fork instead of clone" 2005-07-15T21:15:26+00:00 blaisorblade@yahoo.it blaisorblade@yahoo.it 2005-07-12T17:28:37+00:00 b050ac70a8b72a48a8ab3130c35dfe38850b668b From: Jeff Dike <jdike@addtoit.com>, Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Revert the following patch, because of miscompilation problems in different environments leading to UML not working *at all* in TT mode; it was merged lately in 2.6 development cycle, a little after being written, and has caused problems to lots of people; I know it's a bit too long, but it shouldn't have been merged in first place, so I still apply for inclusion in the -stable tree. Anyone using this feature currently is either using some older kernel (some reports even used 2.6.12-rc4-mm2) or using this patch, as included in my -bs patchset. For now there's not yet a fix for this patch, so for now the best thing is to drop it (which was widely reported to give a working kernel). "Convert the boot-time host ptrace testing from clone to fork. They were essentially doing fork anyway. This cleans up the code a bit, and makes valgrind a bit happier about grinding it." URL: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=98fdffccea6cc3fe9dba32c0fcc310bcb5d71529 Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
From: Jeff Dike <jdike@addtoit.com>, Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>

Revert the following patch, because of miscompilation problems in different
environments leading to UML not working *at all* in TT mode; it was merged
lately in 2.6 development cycle, a little after being written, and has caused
problems to lots of people; I know it's a bit too long, but it shouldn't have
been merged in first place, so I still apply for inclusion in the -stable
tree. Anyone using this feature currently is either using some older kernel
(some reports even used 2.6.12-rc4-mm2) or using this patch, as included in my
-bs patchset.

For now there's not yet a fix for this patch, so for now the best thing is to
drop it (which was widely reported to give a working kernel).

"Convert the boot-time host ptrace testing from clone to fork.  They were
essentially doing fork anyway.  This cleans up the code a bit, and makes
valgrind a bit happier about grinding it."

URL:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=98fdffccea6cc3fe9dba32c0fcc310bcb5d71529

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] ppc32: stop misusing ntps time_offset value 2005-07-15T21:15:24+00:00 john stultz johnstul@us.ibm.com 2005-07-01T05:08:54+00:00 8f399a7448e0b58eae969426f61b7e81d55d2639 As part of my timeofday rework, I've been looking at the NTP code and I noticed that the PPC architecture is apparently misusing the NTP's time_offset (it is a terrible name!) value as some form of timezone offset. This could cause problems when time_offset changed by the NTP code. This patch changes the PPC code so it uses a more clear local variable: timezone_offset. Signed-off-by: John Stultz <johnstul@us.ibm.com> Acked-by: Tom Rini <trini@kernel.crashing.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
As part of my timeofday rework, I've been looking at the NTP code and I
noticed that the PPC architecture is apparently misusing the NTP's
time_offset (it is a terrible name!) value as some form of timezone offset.

This could cause problems when time_offset changed by the NTP code.  This
patch changes the PPC code so it uses a more clear local variable:
timezone_offset.

Signed-off-by: John Stultz <johnstul@us.ibm.com>
Acked-by: Tom Rini <trini@kernel.crashing.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] ia64 ptrace + sigrestore_context (CAN-2005-1761) 2005-06-22T19:32:50+00:00 Matthew Chapman matthewc@hp.com 2005-06-21T03:53:01+00:00 df0112ae92e768bda81105cff85d7c8e46004d7b This patch fixes handling of accesses to ar.rsc via ptrace & restore_sigcontext Signed-off-by: Matthew Chapman <matthewc@hp.com> Acked-by: David Mosberger <davidm@hpl.hp.com> Acked-by: Tony Luck <tony.luck@intel.com> Signed-off-by: Chris Wright <chrisw@osdl.org> 
This patch fixes handling of accesses to ar.rsc via ptrace &
restore_sigcontext

Signed-off-by: Matthew Chapman <matthewc@hp.com>
Acked-by: David Mosberger <davidm@hpl.hp.com>
Acked-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] ARM: 2715/1: restore CPLD interrupts upon resume for Lubbock and Mainstone 2005-06-16T20:23:56+00:00 Nicolas Pitre nico@org.rmk.(none) 2005-06-16T20:23:56+00:00 22f11c4e662ef0bdd87f09370a76c83ed738d5fd Patch from Nicolas Pitre Without this some devices fail to work again after a suspend event. Signed-off-by: Nicolas Pitre Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
Patch from Nicolas Pitre

Without this some devices fail to work again after a suspend event.

Signed-off-by: Nicolas Pitre
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>