We (the -stable team) are announcing the release of the 2.6.15.6 kernel.
The diffstat and short summary of the fixes are below.
I'll also be replying to this message with a copy of the patch between
2.6.15.5 and 2.6.15.6, as it is small enough to do so.
The updated 2.6.15.y git tree can be found at:
rsync://rsync.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.6.15.y.git
and can be browsed at the normal kernel.org git web browser:
http://www.kernel.org/git/
thanks,
-chris
--------
Makefile | 2 +-
arch/ia64/kernel/unaligned.c | 2 +-
fs/nfs/direct.c | 7 ++++++-
include/linux/types.h | 1 +
net/core/request_sock.c | 1 -
5 files changed, 9 insertions(+), 4 deletions(-)
Summary of changes from v2.6.15.5 to v2.6.15.6
==============================================
Arnaldo Carvalho de Melo:
Don't reset rskq_defer_accept in reqsk_queue_alloc
Chris Wright:
fs/nfs/direct.c compile fix
Linux 2.6.15.6
Dave Jones:
mempolicy.c compile fix, make sure BITS_PER_BYTE is defined
Tony Luck:
[IA64] die_if_kernel() can return (CVE-2006-0742)
diff --git a/Makefile b/Makefile
index 9b04e35..3a85dd1 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 15
-EXTRAVERSION = .5
+EXTRAVERSION = .6
NAME=Sliding Snow Leopard
# *DOCUMENTATION*
diff --git a/arch/ia64/kernel/unaligned.c b/arch/ia64/kernel/unaligned.c
index 43b45b6..f2bc971 100644
--- a/arch/ia64/kernel/unaligned.c
+++ b/arch/ia64/kernel/unaligned.c
@@ -24,7 +24,7 @@
#include <asm/uaccess.h>
#include <asm/unaligned.h>
-extern void die_if_kernel(char *str, struct pt_regs *regs, long err) __attribute__ ((noreturn));
+extern void die_if_kernel(char *str, struct pt_regs *regs, long err);
#undef DEBUG_UNALIGNED_TRAP
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c
index 3ebb06e..96c104b 100644
--- a/fs/nfs/direct.c
+++ b/fs/nfs/direct.c
@@ -57,6 +57,7 @@
#define NFSDBG_FACILITY NFSDBG_VFS
#define MAX_DIRECTIO_SIZE (4096UL << PAGE_SHIFT)
+static void nfs_free_user_pages(struct page **pages, int npages, int do_dirty);
static kmem_cache_t *nfs_direct_cachep;
/*
@@ -106,12 +107,16 @@ nfs_get_user_pages(int rw, unsigned long
result = get_user_pages(current, current->mm, user_addr,
page_count, (rw == READ), 0,
*pages, NULL);
+ up_read(¤t->mm->mmap_sem);
+ /*
+ * If we got fewer pages than expected from get_user_pages(),
+ * the user buffer runs off the end of a mapping; return EFAULT.
+ */
if (result >= 0 && result < page_count) {
nfs_free_user_pages(*pages, result, 0);
*pages = NULL;
result = -EFAULT;
}
- up_read(¤t->mm->mmap_sem);
}
return result;
}
diff --git a/include/linux/types.h b/include/linux/types.h
index 21b9ce8..f5a4572 100644
--- a/include/linux/types.h
+++ b/include/linux/types.h
@@ -8,6 +8,7 @@
(((bits)+BITS_PER_LONG-1)/BITS_PER_LONG)
#define DECLARE_BITMAP(name,bits) \
unsigned long name[BITS_TO_LONGS(bits)]
+#define BITS_PER_BYTE 8
#endif
#include <linux/posix_types.h>
diff --git a/net/core/request_sock.c b/net/core/request_sock.c
index b8203de..98f0fc9 100644
--- a/net/core/request_sock.c
+++ b/net/core/request_sock.c
@@ -52,7 +52,6 @@ int reqsk_queue_alloc(struct request_soc
get_random_bytes(&lopt->hash_rnd, sizeof(lopt->hash_rnd));
rwlock_init(&queue->syn_wait_lock);
queue->rskq_accept_head = queue->rskq_accept_head = NULL;
- queue->rskq_defer_accept = 0;
lopt->nr_table_entries = nr_table_entries;
write_lock_bh(&queue->syn_wait_lock);