[Karmic] SRU: Update to 2.6.31.7 stable kernel
Andy Whitcroft
apw at canonical.com
Wed Jan 6 16:27:57 UTC 2010
On Thu, Dec 10, 2009 at 12:57:04PM -0800, Leann Ogasawara wrote:
> Hi All,
>
> https://bugs.edge.launchpad.net/ubuntu/karmic/+source/linux/+bug/494633
>
> SRU Justification/Impact:
>
> The 2.6.31.7 stable kernel has recently been released. The 2.6.31.7
> Upstream Stable Kernel brings in 123 patches. 5 of the 123 patches have
> already been released in a security update. Also 1 patch replaces an
> existing SAUCE patch we were temporarily carrying. Stefan has applied
> and pushed these patches to a stable branch in his tree for review.
I had a spin through the patches. Overall they are pretty self
contained mostly being simple one liners which look sensible or
additions of quirks which seem properly only affecting specificly
identified devices.
Some of the larger ones seem to be sane fixes for rather nasty md
rebuild issue which sound like they could cause major issues with
userspace interactions with mdadm when doing 'protected' rebuilds.
Of note is some fixes for frequency scaling and for fan control on the
aspire which sounds pretty handy. There are also a couple of ironlake
changes which look needed.
The one oddy in the pack is the SHMEM thingy, but as has been previously
mentioned we already have this enabled and so it has no actual effect.
Overally this pile seem ok to my eye. More detail on my reading below.
Acked-by: Andy Whitcroft <apw at canonical.com>
-apw
f8ebcb2 Linux 2.6.31.7
noop
b02f6a9 isdn: hfc_usb: Fix read buffer overflow
simple reordering of the elements of an if.
5481937 Input: keyboard - fix braille keyboard keysym generation
appears sane.
c0d2a80 acerhdf: return temperature in milidegree instead of degree
appears sane, machine specific.
77540b8 acerhdf: additional BIOS versions
appear sane, adds new bios signatures.
0823e60 PCI: Prevent AER driver from being loaded on non-root port PCIE devices
only applies AER driver to RC_PORTs only, appear sane
9509e37 V4L/DVB (13257): gspca - m5602-s5k4aa: Add vflip for Fujitsu Amilo Xi 2528
c7694e8 V4L/DVB (13256): gspca - m5602-s5k4aa: Add another MSI GX700 vflip quirk
c48bcef V4L/DVB (13255): gspca - m5602-s5k4aa: Add vflip quirk for the Bruneinit laptop
verticle flip support for various cameras, all tied to specific DMI info
e689a0b tty/of_serial: add missing ns16550a id
adds a new device id, seems to be openfirmware specific, low risk
321cb43 drm/fb: fix FBIOGET/PUT_VSCREENINFO pixel clock handling
fixes unknown clock values fixing X fbdev support
e7ec863 acerhdf: fix fan control for AOA150 model
fixes switching to BIOS fan control on aspires
95c2fff i2c: Fix userspace_device list corruption
fixes lost items which lead to panics
d02b2ce ath5k: Linear PCDAC code fixes
fixes handling of antenna gain
d801d0a sky2: set carrier off in probe
fixes default carrier sense state
c089a8d crypto: padlock-aes - Use the correct mask when checking whether copying is required
fixes page size checks to correctly switch to copying
4a72cdf b43: Fix DMA TX bounce buffer copying
fixes lost queue and congestion information
380cf59 netfilter: xt_connlimit: fix regression caused by zero family value
ensures correct filter family checks
325786e netfilter: nf_nat: fix NAT issue in 2.6.30.4+
fixes active FTP over NAT. like an ABI bumper
636addb agp/intel: new host bridge support
adds a new AGP id for ironlake
3850425 hwmon: (adt7475) Cache limits for 60 seconds
optimisation to only read limits minutly
e3675ca hwmon: (adt7475) Fix temperature fault flags
fixes temperature reporting
ee39894 block: use after free bug in __blkdev_get
fixes an obvious use after free
bb969fd hso: fix soft-lockup
fixes a kobject use after free
415cc7b perf_event: Adjust frequency and unthrottle for non-group-leader events
fixes long runing perf events
2a959cf md: revert incorrect fix for read error handling in raid1.
repairs a bad forward port for an error handling path
a5aefac modules: don't export section names of empty sections via sysfs
affects parisc only, prevents null sections in a module from being visible
and causing errors
96433ac param: don't complain about unused module parameters.
allows module parameters through to userspace silently as modprobe handles them
9530e63 pxamci: call mmc_remove_host() before freeing resources
another use after free leading to an oops
d9abf6e tty_port: handle the nonblocking open of a dead port corner case
allow non-blocking open of dead ports to allow programming
77d12b1 USB: work around for EHCI with quirky periodic schedules
add pci id specific quirk for intel drivers
1440969 USB: ftdi_sio: Keep going when write errors are encountered.
fixes error handling
774430b usb: amd5536udc: fixed shared interrupt bug and warning oops
fixes an interupt init bug and avoids an oops on tear down
41e0b06 USB: musb_gadget: fix STALL handling
rather complex but self contained
3d57f55 USB: EHCI: don't send Clear-TT-Buffer following a STALL
prevents stalls triggering audio disconnects on some hubs
7eeea23 speedstep-ich: fix error caused by 394122ab144dae4b276d74644a2f11c44a60ac5c
passes processor type instread of number to speedstep_get_frequency
be48833 ipv4: additional update of dev_net(dev) to struct *net in ip_fragment.c, NULL ptr OOPS
prevents oops on oversize packets arriving
c3f57df V4L/DVB (13314): saa7134: set ts_force_val for the Hauppauge WinTV HVR-1150
ed3876a V4L/DVB (13313): saa7134: add support for FORCE_TS_VALID mode for mpeg ts input
new quirks for specific boards
3a1e1a6 V4L/DVB (13202): smsusb: add autodetection support for three additional Hauppauge USB IDs
new device ids
b4b4c13 sched: Fix isolcpus boot option
fixes isolcpus= command line option
8526322 sched: Fix boot crash by zalloc()ing most of the cpu masks
fixes boot crash when cpu masks happen to have junk
3c6f31d sparc: Move of_set_property_mutex acquisition outside of devtree_lock grab.
lock nesting fix
e5ac34f sparc64: replace parentheses in pmul()
fixes pmul offset calculation
f7f7ef6 sfc: Set ip_summed correctly for page buffers passed to GRO
fixes ip_summed status for packets
193fe66 bonding: Modify hash transmit policies to use the packet's source MAC address
fixes bonding hash algorith
5213d26 net: fix sk_forward_alloc corruption
ensure we only free skbs while they are locked
fb97d3d pkt_sched: pedit use proper struct
ensure we validate sizes using the correct structure
e09fa91 acenic: Pass up error code from ace_load_firmware()
ensure we correctly report firmware load issues
f2f3a69 udp: Fix udp_poll() and ioctl()
ensure we do not incorrectly indicate there are packets to read, when they
have bad checksums
6a36e59 drm/i915: Fix IRQ stall issue on Ironlake
ensure we have turned off interrupts before fiddling with settings
fixes ironlake
a75c644 drm: work around EDIDs with bad htotal/vtotal values
work around bad EDID data
2ca6ea5 drm/i915: Select CONFIG_SHMEM
i915 requires shmem driver
1519b64 V4L/DVB (12696): gspca - sonixj / sn9c102: Two drivers for 0c45:60fc and 0c45:613e.
338d606 V4L/DVB (12691): gspca - sonixj: Don't use mdelay().
ab5b968 V4L/DVB (12501): gspca - sonixj: Do the ov7660 sensor work again.
8e6666b V4L/DVB (12356): gspca - sonixj: Webcam 0c45:6148 added
0c8953e V4L/DVB (12280): gspca - sonixj: Remove auto gain/wb/expo for the ov7660 sensor.
various device specific quirk
a2ddf6a V4L/DVB (12948): v4l1-compat: fix VIDIOC_G_STD handling
cope with missing ioctl
7087c84 V4L/DVB (13321): radio-gemtek-pci: fix double mutex_lock
fixes badly nested mutexes
975894c V4L/DVB (13436): cxusb: Fix hang on DViCO FusionHDTV DVB-T Dual Digital 4 (rev 1)
device specific tweak
37ed9bf Enable ACPI PDC handshake for VIA/Centaur CPUs
allows frequency changing to work on VIA
57ce46e thinkpad-acpi: fix sign of ERESTARTSYS return
fixes return value to trigger correct error handling
899da70 rfkill: fix miscdev ops
ensure we cannot remove the rfkill module while in use
8d0d5e2 b43: Work around mac80211 race condition
fixes spurious and concerning sounding errors
b62b52a mac80211: fix spurious delBA handling
a9f5433 mac80211: fix two remote exploits
security issues with packets leading to panic
57ee10d ASoC: AIC23: Fixing infinite loop in resume path
fixes hang on resume non intel sound
f624cb3 ASoC: Fix suspend with active audio streams
fixes power handling when suspending non intel sound
b79250a fuse: reject O_DIRECT flag also in fuse_create
prevent open for O_DIRECT on fuse filesystems (which makes no sense and breaks)
aa7c7f8 NFSv4: Fix a cache validation bug which causes getcwd() to return ENOENT
fixes random ENOENT returns to userspace
8bc4be6 ima: replace GFP_KERNEL with GFP_NOFS
fixes allocation level to prevent recursion into the filesystem
2b41cc4 iwlwifi: Fix issue on file transfer stalled in HT mode
prevents fifo underrun in u-code
5a68dad iwlwifi: Use RTS/CTS as the preferred protection mechanism for 6000 series
switch to using vendor approved protection for packets
ee003b2 USB: xhci: Fix scratchpad deallocation.
a use after reset bug
03a3cf4 USB: xhci: Fix TRB physical to virtual address translation.
fixes an infinite loop
4d10d9e USB: xhci: Fix bug memory free after failed initialization.
prevents use after memory allocation failure oops
c859382 USB: cdc_acm: Fix race condition when opening tty
fix code ordering to ensure all bul IN packets are seen
25838ae USB: option.c: add support for D-Link DWM-162-U5
adds a new device
5f1e436 USB: usbmon: fix bug in mon_buff_area_shrink
ensure we return what data we did get
49cb656 USB: ohci: quirk AMD prefetch for USB 1.1 ISO transfer
AMD device specific quirk
7fcbd9f tty: cp210x: Fix carrier handling
fixes carrier states for specific device
8f34cea tty_port: If we are opened non blocking we still need to raise the carrier
ensure we assert carrier when openeing even when not waiting for open to complete
ffb83b9 page allocator: always wake kswapd when restarting an allocation attempt after direct reclaim failed
gives kswapd more notice of allocation issues and better inforamtion about what sizes are needed
88b117c page allocator: Do not allow interrupts to use ALLOC_HARDER
restore older semantics for ALLOC_HARDER preventing rt processes dipping too far into reserves
280292d pidns: fix a leak in /proc dentries and inodes with pid namespaces.
fixes leak of /proc connected data structures
0c98d0c memcg: fix wrong pointer initialization at page migration when memcg is disabled.
prevent panics when memory control groups are disabled
bd7d235 fs: add missing compat_ptr handling for FS_IOC_RESVSP ioctl
fixes compat ioctls for 32/64 bit
4549526 rtc: v3020: fix v3020_mmio_read_bit()
fixes cast truncation of shifted value
073493a pps: locking scheme fix up for PPS_GETPARAMS
adds appropriate locking for ioctl
f1d8f4d pps: events reporting fix up
prevents miss-wakeup from the wrong events
02caa6b uids: Prevent tear down race
fixes locking to prevent oops releasing uids
7b9acdf V4L/DVB (13230): s2255drv: Don't conditionalize video buffer completion on waiting processes
ensure we return frames even when noone is waiting, they may be just off doing something
c43d781 V4L/DVB (13079): dib0700: fixed xc2028 firmware loading kernel oops
prevent an oops on firmware load
27bff6b V4L/DVB (13190): em28xx: fix panic that can occur when starting audio streaming
ensure we reset correctly on open, else we may expose kernel memory or panic
53017a3 V4L/DVB (13107): tda18271: fix overflow in FM radio frequency calculation
prevent integer overflow and incorrect frequency selection
7e12091 V4L/DVB (13109): tda18271: fix signedness issue in tda18271_rf_tracking_filters_init
fixes signeness triggering overflow and incorrect frequency selection
21b6d2e V4L/DVB (13170): bttv: Fix reversed polarity error when switching video standard
fixes cropping setup on mode switch
d658152 V4L/DVB (13169): bttv: Fix potential out-of-order field processing
ensure we don't lose the top 'field' of a frame for ever more once we run out of buffers
ee83348 kmap: fix build errors with DEBUG_HIGHMEM enabled
22e633d powerpc: Fix DEBUG_HIGHMEM build break from d4515646699
fixes arm/pwerpc build errors not strictly required as we arn't hitting it
8eed84d highmem: Fix debug_kmap_atomic() to also handle KM_IRQ_PTE, KM_NMI, and KM_NMI_PTE
fixes spurious warnings from perf
52f9034 highmem: Fix race in debug_kmap_atomic() which could cause warn_count to underflow
fixes bug in warning limit checks in debug_kmap_atomic
80bc5c1 sound: rawmidi: fix MIDI device O_APPEND error handling
fixes potential panics during failed open
dfe0b47 sound: rawmidi: fix double init when opening MIDI device with O_APPEND
fixes double init leak when opened more than once
1a65ef1 sound: rawmidi: fix checking of O_APPEND when opening MIDI device
semantic fix for O_APPEND
e38dcb2 sound: rawmidi: disable active-sensing-on-close by default
avoid output interferance following a recent close
ea4cf64 jffs2: Fix memory corruption in jffs2_read_inode_range()
fixes potential for massive corruption of kernel memory
2a2c59e ALSA: AACI: fix recording bug
fixes use of the wrong pcm structure for record
c20be9b ALSA: AACI: fix AC97 multiple-open bug
ensure the stream is closed when closing
b381ea6 ALSA: hda - Dell Studio 1557 hd-audio quirk
simple device specific quirk
44cf344 ALSA: usb-audio: fix combine_word problem
fix device naming
57a0aa3 md/raid1/raid10: add a cond_resched
prevent spurious warnings for stuck threads when fixing raid10 stripes
8a79635 md/raid5: make sure curr_sync_completes is uptodate when reshape starts
ensure current repair status is correctly reported to userspace
98bc571 md: don't clear endpoint for resync when resync is interrupted.
ensure the endpoint of a resync is honoured
146d0c0 rtl8187: Fix kernel oops when device is removed when LEDS enabled
unregisters the leds before dropping any led timers
1743889 gdth: Prevent negative offsets in ioctl CVE-2009-3080
prevents negative offsets prevents exploits
24fa7e7 CIFS: Duplicate data on appending to some Samba servers
prevent append from being used and prevent corruption
0fbad7a CIFS: fix oops in cifs_lookup during net boot
prevent cifs crash during network boot
fb59866 cifs: clear server inode number flag while autodisabling
fix inversion to actually turn off inode numbers
ad43167 cifs: clean up handling when server doesn't consistently support inode numbers
ensure we don't use inodes when they are not offered
6804b96 cifs: don't use CIFSGetSrvInodeNumber in is_path_accessible
remove unreliable optimisation
b88b724 nilfs2: fix kernel oops in error case of nilfs_ioctl_move_blocks
fixes oops due to list corruption
More information about the kernel-team
mailing list