rpms/kernel/devel patch-2.6.27.4-rc3.bz2.sign, NONE, 1.1 .cvsignore, 1.950, 1.951 TODO, 1.26, 1.27 kernel.spec, 1.1080, 1.1081 linux-2.6-upstream-reverts.patch, 1.3, 1.4 sources, 1.912, 1.913 upstream, 1.824, 1.825 linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch, 1.1, NONE

Fri Oct 24 23:45:09 UTC 2008

Author: cebbert

Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17163

Modified Files:
	.cvsignore TODO kernel.spec linux-2.6-upstream-reverts.patch 
	sources upstream 
Added Files:
	patch-2.6.27.4-rc3.bz2.sign 
Removed Files:
	linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch 
Log Message:
2.6.27.4-rc3
  Dropped patches:
    linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch
  Upstream reverts:
    ext-avoid-printk-floods-in-the-face-of-directory-corruption.patch

--- NEW FILE patch-2.6.27.4-rc3.bz2.sign ---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://www.kernel.org/signature.html for info

iD8DBQBJAkDwyGugalF9Dw4RAiisAJwN0OvZN53qvpeqt8tZd0IiB0g11wCeMo8k
cSSbHQCmMYDSrVB/JA1UHcQ=
=N5l1
-----END PGP SIGNATURE-----


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/.cvsignore,v
retrieving revision 1.950
retrieving revision 1.951
diff -u -r1.950 -r1.951
--- .cvsignore	22 Oct 2008 22:32:39 -0000	1.950
+++ .cvsignore	24 Oct 2008 23:44:38 -0000	1.951
@@ -5,3 +5,4 @@
 kernel-2.6.27
 linux-2.6.27.tar.bz2
 patch-2.6.27.3.bz2
+patch-2.6.27.4-rc3.bz2


Index: TODO
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/TODO,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- TODO	21 Oct 2008 21:22:36 -0000	1.26
+++ TODO	24 Oct 2008 23:44:38 -0000	1.27
@@ -156,6 +156,10 @@
 	Don't let this interface get out 'til it's official (and
 	released) upstream.
 
+linux-2.6.27-ext-dir-corruption-fix.patch
+	in -stable, but reverted in upstream-reverts
+        (the ext4 patch queue won't apply if we get this patch from -stable)
+
 linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
 	In mainline and 2.6.26-stable queue but not 2.6.27-stable.
 
@@ -167,9 +171,6 @@
 linux-2.6.27-sony-laptop-suspend-fix.patch
 	Submitted: http://marc.info/?l=linux-kernel&m=122419261829835&w=2
 
-linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch
-	In x86/urgent, already requested for mainline and -stable
-
 linux-2.6.27-drm-i915-fix-ioctl-security.patch
 	In -stable, reverted in upstream-reverts, reapplied after the drm patch.
 	The drm patch should be fixed up to not conflict with the upstream patch.


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1080
retrieving revision 1.1081
diff -u -r1.1080 -r1.1081
--- kernel.spec	24 Oct 2008 01:59:54 -0000	1.1080
+++ kernel.spec	24 Oct 2008 23:44:38 -0000	1.1081
@@ -36,9 +36,9 @@
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 3
+%define stable_update 4
 # Is it a -stable RC?
-%define stable_rc 0
+%define stable_rc 3
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev .%{stable_update}
@@ -590,7 +590,6 @@
 
 Patch41: linux-2.6-sysrq-c.patch
 Patch44: linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
-Patch45: linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch
 
 Patch140: linux-2.6-ps3-ehci-iso.patch
 Patch141: linux-2.6-ps3-storage-alias.patch
@@ -1077,8 +1076,6 @@
 # x86(-64)
 # don't oops in get_wchan()
 ApplyPatch linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
-# fix resume on UP systems with SMP kernel
-ApplyPatch linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch
 
 #
 # PowerPC
@@ -1853,6 +1850,13 @@
 %kernel_variant_files -k vmlinux %{with_kdump} kdump
 
 %changelog
+* Fri Oct 24 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.4-45.rc3
+- 2.6.27.4-rc3
+  Dropped patches:
+    linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch
+  Upstream reverts:
+    ext-avoid-printk-floods-in-the-face-of-directory-corruption.patch
+
 * Thu Oct 23 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.3-44
 - Disable the snd-aw2 driver until upstream comes up with a fix.
 

linux-2.6-upstream-reverts.patch:

Index: linux-2.6-upstream-reverts.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/linux-2.6-upstream-reverts.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- linux-2.6-upstream-reverts.patch	18 Oct 2008 21:42:50 -0000	1.3
+++ linux-2.6-upstream-reverts.patch	24 Oct 2008 23:44:38 -0000	1.4
@@ -34,3 +34,250 @@
  };
  
  int i915_max_ioctl = DRM_ARRAY_SIZE(i915_ioctls);
+From sandeen at redhat.com  Thu Oct 23 13:13:44 2008
+From: Eric Sandeen <sandeen at redhat.com>
+Date: Wed, 22 Oct 2008 10:11:52 -0500
+Subject: ext[234]: Avoid printk floods in the face of directory corruption (CVE-2008-3528)
+To: stable at kernel.org
+Cc: ext4 development <linux-ext4 at vger.kernel.org>
+Message-ID: <48FF42B8.3030606 at redhat.com>
+
+From: Eric Sandeen <sandeen at redhat.com>
+
+This is a trivial backport of the following upstream commits:
+
+- bd39597cbd42a784105a04010100e27267481c67 (ext2)
+- cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
+- 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
+
+This addresses CVE-2008-3528
+
+ext[234]: Avoid printk floods in the face of directory corruption
+
+Note: some people thinks this represents a security bug, since it
+might make the system go away while it is printing a large number of
+console messages, especially if a serial console is involved.  Hence,
+it has been assigned CVE-2008-3528, but it requires that the attacker
+either has physical access to your machine to insert a USB disk with a
+corrupted filesystem image (at which point why not just hit the power
+button), or is otherwise able to convince the system administrator to
+mount an arbitrary filesystem image (at which point why not just
+include a setuid shell or world-writable hard disk device file or some
+such).  Me, I think they're just being silly. --tytso
+
+Signed-off-by: Eric Sandeen <sandeen at redhat.com>
+Signed-off-by: "Theodore Ts'o" <tytso at mit.edu>
+Cc: linux-ext4 at vger.kernel.org
+Cc: Eugene Teo <eugeneteo at kernel.sg>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+---
+ fs/ext2/dir.c |   60 +++++++++++++++++++++++++++++++++-------------------------
+ fs/ext3/dir.c |   10 ++++++---
+ fs/ext4/dir.c |   11 +++++++---
+ 3 files changed, 50 insertions(+), 31 deletions(-)
+
+--- a/fs/ext2/dir.c
++++ b/fs/ext2/dir.c
+@@ -103,7 +103,7 @@ static int ext2_commit_chunk(struct page
+ 	return err;
+ }
+ 
+-static void ext2_check_page(struct page *page)
++static void ext2_check_page(struct page *page, int quiet)
+ {
+ 	struct inode *dir = page->mapping->host;
+ 	struct super_block *sb = dir->i_sb;
+@@ -146,10 +146,10 @@ out:
+ 	/* Too bad, we had an error */
+ 
+ Ebadsize:
+-	ext2_error(sb, "ext2_check_page",
+-		"size of directory #%lu is not a multiple of chunk size",
+-		dir->i_ino
+-	);
++	if (!quiet)
++		ext2_error(sb, __func__,
++			"size of directory #%lu is not a multiple "
++			"of chunk size", dir->i_ino);
+ 	goto fail;
+ Eshort:
+ 	error = "rec_len is smaller than minimal";
+@@ -166,32 +166,36 @@ Espan:
+ Einumber:
+ 	error = "inode out of bounds";
+ bad_entry:
+-	ext2_error (sb, "ext2_check_page", "bad entry in directory #%lu: %s - "
+-		"offset=%lu, inode=%lu, rec_len=%d, name_len=%d",
+-		dir->i_ino, error, (page->index<<PAGE_CACHE_SHIFT)+offs,
+-		(unsigned long) le32_to_cpu(p->inode),
+-		rec_len, p->name_len);
++	if (!quiet)
++		ext2_error(sb, __func__, "bad entry in directory #%lu: : %s - "
++			"offset=%lu, inode=%lu, rec_len=%d, name_len=%d",
++			dir->i_ino, error, (page->index<<PAGE_CACHE_SHIFT)+offs,
++			(unsigned long) le32_to_cpu(p->inode),
++			rec_len, p->name_len);
+ 	goto fail;
+ Eend:
+-	p = (ext2_dirent *)(kaddr + offs);
+-	ext2_error (sb, "ext2_check_page",
+-		"entry in directory #%lu spans the page boundary"
+-		"offset=%lu, inode=%lu",
+-		dir->i_ino, (page->index<<PAGE_CACHE_SHIFT)+offs,
+-		(unsigned long) le32_to_cpu(p->inode));
++	if (!quiet) {
++		p = (ext2_dirent *)(kaddr + offs);
++		ext2_error(sb, "ext2_check_page",
++			"entry in directory #%lu spans the page boundary"
++			"offset=%lu, inode=%lu",
++			dir->i_ino, (page->index<<PAGE_CACHE_SHIFT)+offs,
++			(unsigned long) le32_to_cpu(p->inode));
++	}
+ fail:
+ 	SetPageChecked(page);
+ 	SetPageError(page);
+ }
+ 
+-static struct page * ext2_get_page(struct inode *dir, unsigned long n)
++static struct page * ext2_get_page(struct inode *dir, unsigned long n,
++				   int quiet)
+ {
+ 	struct address_space *mapping = dir->i_mapping;
+ 	struct page *page = read_mapping_page(mapping, n, NULL);
+ 	if (!IS_ERR(page)) {
+ 		kmap(page);
+ 		if (!PageChecked(page))
+-			ext2_check_page(page);
++			ext2_check_page(page, quiet);
+ 		if (PageError(page))
+ 			goto fail;
+ 	}
+@@ -292,7 +296,7 @@ ext2_readdir (struct file * filp, void *
+ 	for ( ; n < npages; n++, offset = 0) {
+ 		char *kaddr, *limit;
+ 		ext2_dirent *de;
+-		struct page *page = ext2_get_page(inode, n);
++		struct page *page = ext2_get_page(inode, n, 0);
+ 
+ 		if (IS_ERR(page)) {
+ 			ext2_error(sb, __func__,
+@@ -361,6 +365,7 @@ struct ext2_dir_entry_2 * ext2_find_entr
+ 	struct page *page = NULL;
+ 	struct ext2_inode_info *ei = EXT2_I(dir);
+ 	ext2_dirent * de;
++	int dir_has_error = 0;
+ 
+ 	if (npages == 0)
+ 		goto out;
+@@ -374,7 +379,7 @@ struct ext2_dir_entry_2 * ext2_find_entr
+ 	n = start;
+ 	do {
+ 		char *kaddr;
+-		page = ext2_get_page(dir, n);
++		page = ext2_get_page(dir, n, dir_has_error);
+ 		if (!IS_ERR(page)) {
+ 			kaddr = page_address(page);
+ 			de = (ext2_dirent *) kaddr;
+@@ -391,7 +396,9 @@ struct ext2_dir_entry_2 * ext2_find_entr
+ 				de = ext2_next_entry(de);
+ 			}
+ 			ext2_put_page(page);
+-		}
++		} else
++			dir_has_error = 1;
++
+ 		if (++n >= npages)
+ 			n = 0;
+ 		/* next page is past the blocks we've got */
+@@ -414,7 +421,7 @@ found:
+ 
+ struct ext2_dir_entry_2 * ext2_dotdot (struct inode *dir, struct page **p)
+ {
+-	struct page *page = ext2_get_page(dir, 0);
++	struct page *page = ext2_get_page(dir, 0, 0);
+ 	ext2_dirent *de = NULL;
+ 
+ 	if (!IS_ERR(page)) {
+@@ -487,7 +494,7 @@ int ext2_add_link (struct dentry *dentry
+ 	for (n = 0; n <= npages; n++) {
+ 		char *dir_end;
+ 
+-		page = ext2_get_page(dir, n);
++		page = ext2_get_page(dir, n, 0);
+ 		err = PTR_ERR(page);
+ 		if (IS_ERR(page))
+ 			goto out;
+@@ -655,14 +662,17 @@ int ext2_empty_dir (struct inode * inode
+ {
+ 	struct page *page = NULL;
+ 	unsigned long i, npages = dir_pages(inode);
++	int dir_has_error = 0;
+ 
+ 	for (i = 0; i < npages; i++) {
+ 		char *kaddr;
+ 		ext2_dirent * de;
+-		page = ext2_get_page(inode, i);
++		page = ext2_get_page(inode, i, dir_has_error);
+ 
+-		if (IS_ERR(page))
++		if (IS_ERR(page)) {
++			dir_has_error = 1;
+ 			continue;
++		}
+ 
+ 		kaddr = page_address(page);
+ 		de = (ext2_dirent *)kaddr;
+--- a/fs/ext3/dir.c
++++ b/fs/ext3/dir.c
+@@ -102,6 +102,7 @@ static int ext3_readdir(struct file * fi
+ 	int err;
+ 	struct inode *inode = filp->f_path.dentry->d_inode;
+ 	int ret = 0;
++	int dir_has_error = 0;
+ 
+ 	sb = inode->i_sb;
+ 
+@@ -148,9 +149,12 @@ static int ext3_readdir(struct file * fi
+ 		 * of recovering data when there's a bad sector
+ 		 */
+ 		if (!bh) {
+-			ext3_error (sb, "ext3_readdir",
+-				"directory #%lu contains a hole at offset %lu",
+-				inode->i_ino, (unsigned long)filp->f_pos);
++			if (!dir_has_error) {
++				ext3_error(sb, __func__, "directory #%lu "
++					"contains a hole at offset %lld",
++					inode->i_ino, filp->f_pos);
++				dir_has_error = 1;
++			}
+ 			/* corrupt size?  Maybe no more blocks to read */
+ 			if (filp->f_pos > inode->i_blocks << 9)
+ 				break;
+--- a/fs/ext4/dir.c
++++ b/fs/ext4/dir.c
+@@ -102,6 +102,7 @@ static int ext4_readdir(struct file * fi
+ 	int err;
+ 	struct inode *inode = filp->f_path.dentry->d_inode;
+ 	int ret = 0;
++	int dir_has_error = 0;
+ 
+ 	sb = inode->i_sb;
+ 
+@@ -148,9 +149,13 @@ static int ext4_readdir(struct file * fi
+ 		 * of recovering data when there's a bad sector
+ 		 */
+ 		if (!bh) {
+-			ext4_error (sb, "ext4_readdir",
+-				"directory #%lu contains a hole at offset %lu",
+-				inode->i_ino, (unsigned long)filp->f_pos);
++			if (!dir_has_error) {
++				ext4_error(sb, __func__, "directory #%lu "
++					   "contains a hole at offset %Lu",
++					   inode->i_ino,
++					   (unsigned long long) filp->f_pos);
++				dir_has_error = 1;
++			}
+ 			/* corrupt size?  Maybe no more blocks to read */
+ 			if (filp->f_pos > inode->i_blocks << 9)
+ 				break;


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/sources,v
retrieving revision 1.912
retrieving revision 1.913
diff -u -r1.912 -r1.913
--- sources	22 Oct 2008 22:32:39 -0000	1.912
+++ sources	24 Oct 2008 23:44:38 -0000	1.913
@@ -1,2 +1,3 @@
 b3e78977aa79d3754cb7f8143d7ddabd  linux-2.6.27.tar.bz2
 4f0dc89b4989619c616d40507b5f7f34  patch-2.6.27.3.bz2
+30a169832b0386d6888ec2c705f4ee84  patch-2.6.27.4-rc3.bz2


Index: upstream
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/upstream,v
retrieving revision 1.824
retrieving revision 1.825
diff -u -r1.824 -r1.825
--- upstream	22 Oct 2008 22:32:40 -0000	1.824
+++ upstream	24 Oct 2008 23:44:38 -0000	1.825
@@ -1,2 +1,3 @@
 linux-2.6.27.tar.bz2
 patch-2.6.27.3.bz2
+patch-2.6.27.4-rc3.bz2


--- linux-2.6-x86-acpi-fix-resume-on-64-bit-UP-systems.patch DELETED ---


