authorGreg Kroah-Hartman <gregkh@suse.de>2011-03-08 11:33:00 -0800
committerGreg Kroah-Hartman <gregkh@suse.de>2011-03-08 11:33:00 -0800
commit73984b2809ee78802102714cb171fbabcf013269 (patch)
tree69c9a6c7420766740b7f372ae2178653f47ac41f
parentf346b7053d4bff044d545152286414a0a554358b (diff)
downloadlongterm-queue-2.6.33-73984b2809ee78802102714cb171fbabcf013269.tar.gz
patches
-rw-r--r--queue-2.6.33/cpuset-add-a-missing-unlock-in-cpuset_write_resmask.patch47
-rw-r--r--queue-2.6.33/keyboard-integer-underflow-bug.patch35
-rw-r--r--queue-2.6.33/series2
3 files changed, 84 insertions, 0 deletions
diff --git a/queue-2.6.33/cpuset-add-a-missing-unlock-in-cpuset_write_resmask.patch b/queue-2.6.33/cpuset-add-a-missing-unlock-in-cpuset_write_resmask.patch
new file mode 100644
index 0000000..3d88b6e
--- /dev/null
+++ b/queue-2.6.33/cpuset-add-a-missing-unlock-in-cpuset_write_resmask.patch
@@ -0,0 +1,47 @@
+From b75f38d659e6fc747eda64cb72f3920e29dd44a4 Mon Sep 17 00:00:00 2001
+From: Li Zefan <lizf@cn.fujitsu.com>
+Date: Fri, 4 Mar 2011 17:36:21 -0800
+Subject: cpuset: add a missing unlock in cpuset_write_resmask()
+
+From: Li Zefan <lizf@cn.fujitsu.com>
+
+commit b75f38d659e6fc747eda64cb72f3920e29dd44a4 upstream.
+
+Don't forget to release cgroup_mutex if alloc_trial_cpuset() fails.
+
+[akpm@linux-foundation.org: avoid multiple return points]
+Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
+Cc: Paul Menage <menage@google.com>
+Acked-by: David Rientjes <rientjes@google.com>
+Cc: Miao Xie <miaox@cn.fujitsu.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/cpuset.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/kernel/cpuset.c
++++ b/kernel/cpuset.c
+@@ -1513,8 +1513,10 @@ static int cpuset_write_resmask(struct c
+ return -ENODEV;
+
+ trialcs = alloc_trial_cpuset(cs);
+- if (!trialcs)
+- return -ENOMEM;
++ if (!trialcs) {
++ retval = -ENOMEM;
++ goto out;
++ }
+
+ switch (cft->private) {
+ case FILE_CPULIST:
+@@ -1529,6 +1531,7 @@ static int cpuset_write_resmask(struct c
+ }
+
+ free_trial_cpuset(trialcs);
++out:
+ cgroup_unlock();
+ return retval;
+ }
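Review bot: The new `out:` label sits after `free_trial_cpuset(trialcs);`, so the failed-allocation path deliberately skips the free and only reaches `cgroup_unlock()`, but nothing in the code says so. A short comment at the label would keep a later edit from moving it above the free, e.g. `out:	/* trialcs is NULL on this path; only the lock needs releasing */`. The `return -ENODEV;` shown as context just above the allocation is still a direct return. The lock acquisition is outside the embedded hunk, so confirm in the 2.6.33 tree that this earlier return does not run with cgroup_mutex held, since a leaked mutex here would block every later cgroup operation. The body of cpuset_write_resmask() starts outside the hunk.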
diff --git a/queue-2.6.33/keyboard-integer-underflow-bug.patch b/queue-2.6.33/keyboard-integer-underflow-bug.patch
new file mode 100644
index 0000000..339e219
--- /dev/null
+++ b/queue-2.6.33/keyboard-integer-underflow-bug.patch
@@ -0,0 +1,35 @@
+From b652277b09d3d030cb074cc6a98ba80b34244c03 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <error27@gmail.com>
+Date: Thu, 3 Mar 2011 17:56:06 +0100
+Subject: [S390] keyboard: integer underflow bug
+
+From: Dan Carpenter <error27@gmail.com>
+
+commit b652277b09d3d030cb074cc6a98ba80b34244c03 upstream.
+
+The "ct" variable should be an unsigned int. Both struct kbdiacrs
+->kb_cnt and struct kbd_data ->accent_table_size are unsigned ints.
+
+Making it signed causes a problem in KBDIACRUC because the user could
+set the signed bit and cause a buffer overflow.
+
+Signed-off-by: Dan Carpenter <error27@gmail.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/s390/char/keyboard.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/s390/char/keyboard.c
++++ b/drivers/s390/char/keyboard.c
+@@ -462,7 +462,8 @@ kbd_ioctl(struct kbd_data *kbd, struct f
+ unsigned int cmd, unsigned long arg)
+ {
+ void __user *argp;
+- int ct, perm;
++ unsigned int ct;
++ int perm;
+
+ argp = (void __user *)arg;
+
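Review bot: The declaration `unsigned int ct;` carries the whole fix, yet nothing at the declaration records why the type matters, so a later cleanup that folds it back into `int ct, perm;` would silently reintroduce the overflow the commit message describes. A comment would pin the intent, e.g. `unsigned int ct;	/* count read from user space; must stay unsigned so the size check rejects values with the top bit set */`. The comparison that bounds ct before the copy is outside the hunk, so it is worth confirming against the 2.6.33 tree that every ioctl case which reads ct from the user checks it before using it as a length (the message names KBDIACRUC). The body of kbd_ioctl() continues past the hunk.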
diff --git a/queue-2.6.33/series b/queue-2.6.33/series
index 0d1c5c5..ef9bf5f 100644
--- a/queue-2.6.33/series
+++ b/queue-2.6.33/series
@@ -407,3 +407,5 @@ e1000e-disable-broken-phy-wakeup-for-ich10-loms-use-mac-wakeup-instead.patch
r8169-disable-aspm.patch
usb-iowarrior-don-t-trust-report_size-for-buffer-size.patch
cifs-fix-oplock-break-handling-try-2.patch
+cpuset-add-a-missing-unlock-in-cpuset_write_resmask.patch
+keyboard-integer-underflow-bug.patch