From d75d87349be55e0ad8c0fb262e6e1fbee8612a80 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 2 Nov 2007 10:14:03 -0700 Subject: [PATCH] fix up the author info and add another patch --- .../genirq-cleanup-mismerge-artifact.patch | 4 + ...pic-level-interrupts-to-avoid-resend.patch | 4 + ...-suppress-resend-of-level-interrupts.patch | 4 + ...ixfs-printks-on-corrupted-dir-i_size.patch | 76 +++++++++++++++++++ queue-2.6.22/series | 1 + 5 files changed, 89 insertions(+) create mode 100644 queue-2.6.22/minixfs-limit-minixfs-printks-on-corrupted-dir-i_size.patch diff --git a/queue-2.6.22/genirq-cleanup-mismerge-artifact.patch b/queue-2.6.22/genirq-cleanup-mismerge-artifact.patch index c3e8e5d0923..a5be4d0e322 100644 --- a/queue-2.6.22/genirq-cleanup-mismerge-artifact.patch +++ b/queue-2.6.22/genirq-cleanup-mismerge-artifact.patch @@ -4,6 +4,10 @@ Date: Sun, 12 Aug 2007 15:46:34 +0000 Subject: genirq: cleanup mismerge artifact Message-ID: <471500E5.4060500@redhat.com> +From: Thomas Gleixner + +patch 496634217e5671ed876a0348e9f5b7165e830b20 in mainline. + Commit 5a43a066b11ac2fe84cf67307f20b83bea390f83: "genirq: Allow fasteoi handler to retrigger disabled interrupts" was erroneously applied to handle_level_irq(). This added the irq retrigger / resend functionality diff --git a/queue-2.6.22/genirq-mark-io_apic-level-interrupts-to-avoid-resend.patch b/queue-2.6.22/genirq-mark-io_apic-level-interrupts-to-avoid-resend.patch index 1459b050509..46f7ca5f7f2 100644 --- a/queue-2.6.22/genirq-mark-io_apic-level-interrupts-to-avoid-resend.patch +++ b/queue-2.6.22/genirq-mark-io_apic-level-interrupts-to-avoid-resend.patch @@ -4,6 +4,10 @@ Date: Sun, 12 Aug 2007 15:46:36 +0000 Subject: genirq: mark io_apic level interrupts to avoid resend Message-ID: <4715016A.30605@redhat.com> +From: Thomas Gleixner + +patch cc75b92d11384ba14f93828a2a0040344ae872e7 in mainline. + Level type interrupts do not need to be resent. It was also found that some chipsets get confused in case of the resend. diff --git a/queue-2.6.22/genirq-suppress-resend-of-level-interrupts.patch b/queue-2.6.22/genirq-suppress-resend-of-level-interrupts.patch index 5e89e0e842a..3cd0130cc7e 100644 --- a/queue-2.6.22/genirq-suppress-resend-of-level-interrupts.patch +++ b/queue-2.6.22/genirq-suppress-resend-of-level-interrupts.patch @@ -4,6 +4,10 @@ Date: Sun, 12 Aug 2007 15:46:35 +0000 Subject: genirq: suppress resend of level interrupts Message-ID: <47150121.2010100@redhat.com> +From: Thomas Gleixner + +patch 2464286ace55b3abddfb9cc30ab95e2dac1de9a6 in mainline. + Level type interrupts are resent by the interrupt hardware when they are still active at irq_enable(). diff --git a/queue-2.6.22/minixfs-limit-minixfs-printks-on-corrupted-dir-i_size.patch b/queue-2.6.22/minixfs-limit-minixfs-printks-on-corrupted-dir-i_size.patch new file mode 100644 index 00000000000..d8f8cee714d --- /dev/null +++ b/queue-2.6.22/minixfs-limit-minixfs-printks-on-corrupted-dir-i_size.patch @@ -0,0 +1,76 @@ +From f44ec6f3f89889a469773b1fd894f8fcc07c29cf Mon Sep 17 00:00:00 2001 +From: Eric Sandeen +Date: Tue, 16 Oct 2007 23:27:15 -0700 +Subject: minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058) +Message-ID: <47276102.30608@redhat.com> + +From: Eric Sandeen + +patch 44ec6f3f89889a469773b1fd894f8fcc07c29cf in mainline + +This attempts to address CVE-2006-6058 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6058 + +first reported at http://projects.info-pull.com/mokb/MOKB-17-11-2006.html + +Essentially a corrupted minix dir inode reporting a very large +i_size will loop for a very long time in minix_readdir, minix_find_entry, +etc, because on EIO they just move on to try the next page. This is +under the BKL, printk-storming as well. This can lock up the machine +for a very long time. Simply ratelimiting the printks gets things back +under control. Make the message a bit more informative while we're here. + +Signed-off-by: Eric Sandeen +Cc: Bodo Eggert <7eggert@gmx.de> +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/minix/itree_v1.c | 9 +++++++-- + fs/minix/itree_v2.c | 9 +++++++-- + 2 files changed, 14 insertions(+), 4 deletions(-) + +--- a/fs/minix/itree_v1.c ++++ b/fs/minix/itree_v1.c +@@ -23,11 +23,16 @@ static inline block_t *i_data(struct ino + static int block_to_path(struct inode * inode, long block, int offsets[DEPTH]) + { + int n = 0; ++ char b[BDEVNAME_SIZE]; + + if (block < 0) { +- printk("minix_bmap: block<0\n"); ++ printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n", ++ block, bdevname(inode->i_sb->s_bdev, b)); + } else if (block >= (minix_sb(inode->i_sb)->s_max_size/BLOCK_SIZE)) { +- printk("minix_bmap: block>big\n"); ++ if (printk_ratelimit()) ++ printk("MINIX-fs: block_to_path: " ++ "block %ld too big on dev %s\n", ++ block, bdevname(inode->i_sb->s_bdev, b)); + } else if (block < 7) { + offsets[n++] = block; + } else if ((block -= 7) < 512) { +--- a/fs/minix/itree_v2.c ++++ b/fs/minix/itree_v2.c +@@ -23,12 +23,17 @@ static inline block_t *i_data(struct ino + static int block_to_path(struct inode * inode, long block, int offsets[DEPTH]) + { + int n = 0; ++ char b[BDEVNAME_SIZE]; + struct super_block *sb = inode->i_sb; + + if (block < 0) { +- printk("minix_bmap: block<0\n"); ++ printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n", ++ block, bdevname(sb->s_bdev, b)); + } else if (block >= (minix_sb(inode->i_sb)->s_max_size/sb->s_blocksize)) { +- printk("minix_bmap: block>big\n"); ++ if (printk_ratelimit()) ++ printk("MINIX-fs: block_to_path: " ++ "block %ld too big on dev %s\n", ++ block, bdevname(sb->s_bdev, b)); + } else if (block < 7) { + offsets[n++] = block; + } else if ((block -= 7) < 256) { diff --git a/queue-2.6.22/series b/queue-2.6.22/series index 2cd06c3af3d..b99503ae2c8 100644 --- a/queue-2.6.22/series +++ b/queue-2.6.22/series @@ -2,3 +2,4 @@ genirq-cleanup-mismerge-artifact.patch genirq-suppress-resend-of-level-interrupts.patch genirq-mark-io_apic-level-interrupts-to-avoid-resend.patch ib-uverbs-fix-checking-of-userspace-object-ownership.patch +minixfs-limit-minixfs-printks-on-corrupted-dir-i_size.patch -- 2.47.2