[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#647624: Changes from longterm

Package: src:linux-2.6
Version: 2.6.32-39
Severity: important

[Actually based on, with the 1 definitely incorrect change

USB: ftdi_sio: add Calao reference board support
USB: ftdi_sio: add PID for Sony Ericsson Urban
USB: ftdi_sio: Support TI/Luminary Micro Stellaris BD-ICDI Board

Hardware support.

USB: EHCI: Do not rely on PORT_SUSPEND to stop USB resuming in ehci_bus_resume().

Looks like it fixes suspend/resume for USB devices attached to some

rt2x00: do not drop usb dev reference counter on suspend

Fixes potential crash on resume with rt2x00 USB devices.

atm: br2684: Fix oops due to skb->dev being NULL

This neglected driver is still broken...

sparc: Allow handling signals when stack is corrupted.

It sounds like a user task on sparc that somehow corrupts its stack
pointer cannot be debugged because any signal will kill the process
immediately.  The code change is large and looks like it would cause an
ABI change, so I am minded to revert it.

sparc: fix array bounds error setting up PCIC NMI trap

Trivial fix for compiler warning; should have no effect.

Fix broken backport for IPv6 tunnels

Fixes regression in ip6_tunnel in  We already avoided that
though we missed a failure path which this change also fixes.

net: Fix IPv6 GSO type checks in Intel ethernet drivers
ipv6: Add GSO support on forwarding path

Already applied in 2.6.32-39.

Revert "x86, hotplug: Use mwait to offline a processor, fix the legacy case"

Already applied in 2.6.32-36.

GRO: fix merging a paged skb after non-paged skbs

Fixes TCP receive failure when using the sfc driver.

xen-blkfront: fix data size for xenbus_gather in blkfront_connect

Appears to fix a protocol error that results in incorrect configuration
for block devices in a 64-bit Xen domU.

md/linear: avoid corrupting structure while waiting for rcu_free to complete.

Appears to fix a potential crash or data corruption during
reconfiguration of an md-linear device.

powerpc/mpic: Fix problem that affinity is not updated

Fixes IRQ affinity setting on powerpc.  This regressed in Linux 2.6.31;
it was effectively deferred until the next attempt to change affinity.

powerpc/pci: Check devices status property when scanning OF tree

Fixes PCI enumeration to skip devices that are disabled(?) by the
firmware and therefore not accessible.  If such a device is treated as
present, this will result in errors.  I suspect that the errors would be
harmless but would result in a lot of noise in the kernel log.

xen: x86_32: do not enable iterrupts when returning from exception in interrupt context

Fixes potential deadlock or (less likely) crash or data corruption on
32-bit Xen domU.

xen/smp: Warn user why they keel over - nosmp or noapic and what to use instead.

Fixes #637308.

ARM: davinci: da850 EVM: read mac address from SPI flash

No effect; we don't support this platform.

md: Fix handling for devices from 2TB to 4TB in 0.90 metadata.

Fixes regression in support for old md (software RAID) arrays in this
size range.  I'm not sure whether this could cause data corruption or
whether the device would fail to start.

net/9p: fix client code to fail more gracefully on protocol error

Fixes crash on protocol error, i.e. remote denial-of-service.

fs/9p: Fid is not valid after a failed clunk.

Not sure what this fixes but I would suspect another remote DoS.

net/9p: Fix the msize calculation.

I can't see how this is a serious bug, but it seems reasonable.

irda: fix smsc-ircc2 section mismatch warning

I think this fixes a potential crash if the driver is built-in.

[SCSI] qla2xxx: Correct inadvertent loop state transitions during port-update handling.

Appears to fix some sort of random driver hang.

e1000: Fix driver to be used on PA RISC C8000 workstations

Hardware support.

ASoC: Fix reporting of partial jack updates
ASoC: wm8940: Properly set codec->dapm.bias_level
ASoC: ak4642: fixup cache register table
ASoC: ak4535: fixup cache register table

No effect; ASoC is not enabled in any supported configuration.

ALSA: HDA: Cirrus - fix "Surround Speaker" volume control name

Cosmetic but safe.

cifs: fix possible memory corruption in CIFSFindNext

CVE-2011-3191, already fixed in 2.6.32-35squeeze1.

b43: Fix beacon problem in ad-hoc mode

Sounds like ad-hoc mode is just broken in this driver.  Simple fix.

wireless: Reset beacon_found while updating regulatory

This fixes a failure to follow the correct wireless regulations.  I
think it would mostly affect people travelling without restarting the

USB: PL2303: correctly handle baudrates above 115200

Hardware support, I suppose.


Hardware support.

hvc_console: Improve tty/console put_chars handling

Fixes lost console output on powerpc pSeries systems.

TPM: Call tpm_transmit with correct size

Fixes CVE-2011-1161; I don't know what the impact of that is.

TPM: Zero buffer after copying to userspace

Fixes CVE-2011-1162; possible information leak (but only in combination
with other bugs).

libiscsi_tcp: fix LLD data allocation

Looks like this fixes a potential use of freed memory, i.e. data

cnic: Improve NETDEV_UP event handling

Fixes unreliable probing of these iSCSI devices (hardware support?).

ALSA: hda/realtek - Avoid bogus HP-pin assignment

Not sure what the impact is, but I think that speaker output can be
wrongly muted.

[SCSI] 3w-9xxx: fix iommu_iova leak

Fixes resource leak in an error case in this driver.

[SCSI] aacraid: reset should disable MSI interrupt

Fixes interrupt control for this SCSI controller when it is reset.
Leaving the interrupt enabled is definitely incorrect (provokes a
WARNING) and might lead to a crash.

[SCSI] libsas: fix failure to revalidate domain for anything but the first expander child.

This appears to fix a bug in device discovery for external SAS devices
that change state, which I think includes hotplug.  So, hardware

cfg80211: Fix validation of AKM suites

Fixes stack buffer overflow exploitable with CAP_NET_ADMIN.

splice: direct_splice_actor() should not use pos in sd

Fixes data loss for some uses of splice (bug #641419).  We applied this
in 2.6.32-37.

[SCSI] libsas: fix panic when single phy is disabled on a wide port

Fixes crash in an odd removal case.

ahci: Enable SB600 64bit DMA on Asus M3A

Disk I/O performance improvement for this system.  Has no effect on
anything else.

HID: usbhid: Add support for SiGma Micro chip

Hardware support.

hwmon: (w83627ehf) Properly report thermal diode sensors

Seems like a minor bug in temperature reporting.  But looks safe,

x25: Prevent skb overreads when checking call user data

Could theoretically cause a crash (remote DoS), but is almost certain to
be harmless in practice.  I don't think anyone is using x25 any more

block: check for proper length of iov entries earlier in blk_rq_map_user_iov()

Attempts to fix a check for invalid SCSI-generic requests (SG_IO), but
doesn't (so far as I can see).  Probably has some security impact.

staging: quatech_usb2: Potential lost wakeup scenario in TIOCMIWAIT

Fixes race condition leading to (interruptible) hang in task using this
serial device.

USB: qcserial: add device ID for "HP un2430 Mobile Broadband Module"

Hardware support.

xhci-mem.c: Check for ring->first_seg != NULL

Fixes memory leak in some error cases.

[SCSI] ipr: Always initiate hard reset in kdump kernel

Fixes long delay in kdump when using these devices.

[SCSI] libsas: set sas_address and device type of rphy

Fixes some identifying information visible in sysfs.

ALSA: HDA: Add new revision for ALC662

Hardware support.

x86: Fix compilation bug in kprobes twobyte_is_boostable

Works around gcc bug that generates bad code (actually bad constant
data) for part of kprobes.  Doesn't appear to affect gcc-4.3 as used for
the official binary packages.

epoll: fix spurious lockdep warnings

Should have no effect on the official binary packages.  Probably useful
for people doing debugging with custom builds with lockdep enabled.

usbmon vs. tcpdump: fix dropped packet count

Fixes non-serious data loss (dropped packets should be expected, silent
drops should not).

USB: storage: Use normalized sense when emulating autosense

Sorry, no idea.

USB: pid_ns: ensure pid is not freed during kill_pid_info_as_uid

Fixes use-after-free.

usb: cdc-acm: Owen SI-30 support

Hardware support.

USB: add RESET_RESUME for webcams shown to be quirky

Workaround for buggy webcams that tend to fail after suspend/resume.

USB: pl2303: add id for SMART device

Hardware support.

QE/FHCI: fixed the CONTROL bug

No effect; FHCI is not enabled in any supported configuration.

Update email address for stable patch submission


kobj_uevent: Ignore if some listeners cannot handle message

Fixes spurious failure of device changes, e.g. lvm may fail if Chromium
is running (#641661).

kmod: prevent kmod_loop_msg overflow in __request_module()

Fixes excessive logging in case module loading recurses.

time: Change jiffies_to_clock_t() argument type to unsigned long

Fixes some incorrect time calculations, though it's not clear what the
real impact of this is.

nfsd4: Remove check for a 32-bit cookie in nfsd4_readdir()

Removes incorrect check that could prevent use of some NFSv4 servers.

nfsd4: ignore WANT bits in open downgrade

Fixes potential crash in NFSv4 server (remote DoS).

KVM: s390: check cpu_id prior to using it

Fixes user-controlled out-of-bounds memory write on s390.  It appears
that any user in the kvm group could use this for code injection.

[S390] ccwgroup: move attributes to attribute group

Fixes unreliable identification of these devices in sysfs.

iommu/amd: Fix wrong shift direction

Don't know what the impact of this is.

carminefb: Fix module parameters permissions

Some parameters were incorrectly made writable (but only to root).  This
could presumably lead to a crash or data corruption if they were

[media] uvcvideo: Set alternate setting 0 on resume if the bus has been reset

Workaround for some cameras that expect a particular request after

[media] tuner_xc2028: Allow selection of the frequency adjustment code for XC3028

Fixes support for some DVB tuner devices.

plat-mxc: iomux-v3.h: implicitly enable pull-up/down when thats desired

No effect; this platform is not supported.

um: fix ubd cow size

Fixes support for copy-on-write disk images in User Mode Linux (so not
relevant for linux-2.6 itself).

cfq: calculate the seek_mean per cfq_queue not per cfq_io_context
cfq: merge cooperating cfq_queues
cfq: change the meaning of the cfqq_coop flag
cfq: break apart merged cfqqs if they stop cooperating
cfq-iosched: get rid of the coop_preempt flag
cfq: Dont allow queue merges for queues that have no process references

These are supposed to fix very poor disk throughput for some workloads,
particularly NFS servers.

KVM: x86: Reset tsc_timestamp on TSC writes

Fixes severe performance regression for KVM guests (the bug is in the
host but only affects the guests).  Regression was introduced in (Debian version 2.6.32-35).

genirq: Add IRQF_RESUME_EARLY and resume such IRQs earlier

Fixes #644604, a regression which caused Xen domU to hang after
suspend/resume (including migration).  We already fixed this by
reverting the change that introduced the regression, but this should be

Revert "usb: musb: restore INDEX register in resume path"

No effect; we don't support any platform with MUSB.

Revert "MIPS: MTX-1: Make au1000_eth probe all PHY

No effect; we don't support this platform.

watchdog: mtx1-wdt: fix build failure

No effect; we don't support this platform.

kcore: fix test for end of list

It looks like reading from an invalid offset in /proc/kcore can crash
the kernel.  Shouldn't be a security issue as only root should be able
to read it.

thinkpad-acpi: module autoloading for newer Lenovo ThinkPads.

Hardware support.

scm: lower SCM_MAX_FD

Already applied this in 2.6.32-30.

deal with races in /proc/*/{syscall,stack,personality}
NLM: Dont hang forever on NLM unlock requests
Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
vm: fix vm_pgoff wrap in stack expansion
vm: fix vm_pgoff wrap in upward expansion
Bluetooth: Prevent buffer overflow in l2cap config request
nl80211: fix overflow in ssid_len
net_sched: Fix qdisc_notify()

Various security fixes, already applied in 2.6.32-35squeeze1.


Ben Hutchings
Sturgeon's Law: Ninety percent of everything is crap.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: