diff options
author | Greg Kroah-Hartman <gregkh@suse.de> | 2011-03-08 11:33:00 -0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-03-08 11:33:00 -0800 |
commit | 73984b2809ee78802102714cb171fbabcf013269 (patch) | |
tree | 69c9a6c7420766740b7f372ae2178653f47ac41f | |
parent | f346b7053d4bff044d545152286414a0a554358b (diff) | |
download | longterm-queue-2.6.33-73984b2809ee78802102714cb171fbabcf013269.tar.gz |
patches
-rw-r--r-- | queue-2.6.33/cpuset-add-a-missing-unlock-in-cpuset_write_resmask.patch | 47 | ||||
-rw-r--r-- | queue-2.6.33/keyboard-integer-underflow-bug.patch | 35 | ||||
-rw-r--r-- | queue-2.6.33/series | 2 |
3 files changed, 84 insertions, 0 deletions
diff --git a/queue-2.6.33/cpuset-add-a-missing-unlock-in-cpuset_write_resmask.patch b/queue-2.6.33/cpuset-add-a-missing-unlock-in-cpuset_write_resmask.patch new file mode 100644 index 0000000..3d88b6e --- /dev/null +++ b/queue-2.6.33/cpuset-add-a-missing-unlock-in-cpuset_write_resmask.patch @@ -0,0 +1,47 @@ +From b75f38d659e6fc747eda64cb72f3920e29dd44a4 Mon Sep 17 00:00:00 2001 +From: Li Zefan <lizf@cn.fujitsu.com> +Date: Fri, 4 Mar 2011 17:36:21 -0800 +Subject: cpuset: add a missing unlock in cpuset_write_resmask() + +From: Li Zefan <lizf@cn.fujitsu.com> + +commit b75f38d659e6fc747eda64cb72f3920e29dd44a4 upstream. + +Don't forget to release cgroup_mutex if alloc_trial_cpuset() fails. + +[akpm@linux-foundation.org: avoid multiple return points] +Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> +Cc: Paul Menage <menage@google.com> +Acked-by: David Rientjes <rientjes@google.com> +Cc: Miao Xie <miaox@cn.fujitsu.com> +Signed-off-by: Andrew Morton <akpm@linux-foundation.org> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + kernel/cpuset.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/kernel/cpuset.c ++++ b/kernel/cpuset.c +@@ -1513,8 +1513,10 @@ static int cpuset_write_resmask(struct c + return -ENODEV; + + trialcs = alloc_trial_cpuset(cs); +- if (!trialcs) +- return -ENOMEM; ++ if (!trialcs) { ++ retval = -ENOMEM; ++ goto out; ++ } + + switch (cft->private) { + case FILE_CPULIST: +@@ -1529,6 +1531,7 @@ static int cpuset_write_resmask(struct c + } + + free_trial_cpuset(trialcs); ++out: + cgroup_unlock(); + return retval; + } diff --git a/queue-2.6.33/keyboard-integer-underflow-bug.patch b/queue-2.6.33/keyboard-integer-underflow-bug.patch new file mode 100644 index 0000000..339e219 --- /dev/null +++ b/queue-2.6.33/keyboard-integer-underflow-bug.patch @@ -0,0 +1,35 @@ +From b652277b09d3d030cb074cc6a98ba80b34244c03 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter <error27@gmail.com> +Date: Thu, 3 Mar 2011 17:56:06 +0100 +Subject: [S390] keyboard: integer underflow bug + +From: Dan Carpenter <error27@gmail.com> + +commit b652277b09d3d030cb074cc6a98ba80b34244c03 upstream. + +The "ct" variable should be an unsigned int. Both struct kbdiacrs +->kb_cnt and struct kbd_data ->accent_table_size are unsigned ints. + +Making it signed causes a problem in KBDIACRUC because the user could +set the signed bit and cause a buffer overflow. + +Signed-off-by: Dan Carpenter <error27@gmail.com> +Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + drivers/s390/char/keyboard.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/s390/char/keyboard.c ++++ b/drivers/s390/char/keyboard.c +@@ -462,7 +462,8 @@ kbd_ioctl(struct kbd_data *kbd, struct f + unsigned int cmd, unsigned long arg) + { + void __user *argp; +- int ct, perm; ++ unsigned int ct; ++ int perm; + + argp = (void __user *)arg; + diff --git a/queue-2.6.33/series b/queue-2.6.33/series index 0d1c5c5..ef9bf5f 100644 --- a/queue-2.6.33/series +++ b/queue-2.6.33/series @@ -407,3 +407,5 @@ e1000e-disable-broken-phy-wakeup-for-ich10-loms-use-mac-wakeup-instead.patch r8169-disable-aspm.patch usb-iowarrior-don-t-trust-report_size-for-buffer-size.patch cifs-fix-oplock-break-handling-try-2.patch +cpuset-add-a-missing-unlock-in-cpuset_write_resmask.patch +keyboard-integer-underflow-bug.patch |