rpms/kernel/F-8 linux-2.6-netfilter-really-fix-oops-in-nf_nat_move_storage.patch, NONE, 1.1 kernel.spec, 1.342, 1.343 linux-2.6-futex-fix-fixups.patch, 1.1, 1.2
Chuck Ebbert (cebbert)
fedora-extras-commits at redhat.com
Wed Feb 6 18:20:42 UTC 2008
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4375
Modified Files:
kernel.spec linux-2.6-futex-fix-fixups.patch
Added Files:
linux-2.6-netfilter-really-fix-oops-in-nf_nat_move_storage.patch
Log Message:
* Wed Feb 06 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.23.14-134
- Use the upstream fix for futex locking.
- Fix oops in netfilter (#430663)
linux-2.6-netfilter-really-fix-oops-in-nf_nat_move_storage.patch:
--- NEW FILE linux-2.6-netfilter-really-fix-oops-in-nf_nat_move_storage.patch ---
commit 6953954cc566c19a84b7ca9647c16dabe4646c03
Author: Patrick McHardy <kaber at trash.net>
Date: Sat Feb 2 12:01:03 2008 +0100
[NETFILTER]: nf_conntrack: fix ct_extend ->move operation
The ->move operation has two bugs:
- It is called with the same extension as source and destination,
so it doesn't update the new extension.
- The address of the old extension is calculated incorrectly,
instead of (void *)ct->ext + ct->ext->offset[i] it uses
ct->ext + ct->ext->offset[i].
Should fix a crash on x86_64 reported by Chuck Ebbert <cebbert at redhat.com>
and Thomas Woerner <twoerner at redhat.com>.
Signed-off-by: Patrick McHardy <kaber at trash.net>
diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
index 73b5711..49aac63 100644
--- a/include/net/netfilter/nf_conntrack_extend.h
+++ b/include/net/netfilter/nf_conntrack_extend.h
@@ -67,7 +67,7 @@ struct nf_ct_ext_type
void (*destroy)(struct nf_conn *ct);
/* Called when realloacted (can be NULL).
Contents has already been moved. */
- void (*move)(struct nf_conn *ct, void *old);
+ void (*move)(void *new, void *old);
enum nf_ct_ext_id id;
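Review bot: The comment above `move` is left as it was, so the header no longer says what the two arguments are: both are now `void *`, and an implementation has to know that each points at this type's own data inside the new and the old extension area, not at the `nf_conn` or the `nf_ct_ext` header. I would update it to something like `/* Called when reallocated (can be NULL). new/old point to this extension's data in the new and old area; contents have already been copied. */`. The one implementation changed in this commit, `nf_nat_move_storage` in net/ipv4/netfilter/nf_nat_core.c, assigns both arguments to `struct nf_conn_nat *` with no check, so it depends entirely on that contract. The struct definition continues outside the hunk.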
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index dd07362..0d5fa3a 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -600,10 +600,10 @@ static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
spin_unlock_bh(&nf_nat_lock);
}
-static void nf_nat_move_storage(struct nf_conn *conntrack, void *old)
+static void nf_nat_move_storage(void *new, void *old)
{
- struct nf_conn_nat *new_nat = nf_ct_ext_find(conntrack, NF_CT_EXT_NAT);
- struct nf_conn_nat *old_nat = (struct nf_conn_nat *)old;
+ struct nf_conn_nat *new_nat = new;
+ struct nf_conn_nat *old_nat = old;
struct nf_conn *ct = old_nat->ct;
if (!ct || !(ct->status & IPS_NAT_DONE_MASK))
diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c
index cf6ba66..8b9be1e 100644
--- a/net/netfilter/nf_conntrack_extend.c
+++ b/net/netfilter/nf_conntrack_extend.c
@@ -109,7 +109,8 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
rcu_read_lock();
t = rcu_dereference(nf_ct_ext_types[i]);
if (t && t->move)
- t->move(ct, ct->ext + ct->ext->offset[i]);
+ t->move((void *)new + new->offset[i],
+ (void *)ct->ext + ct->ext->offset[i]);
rcu_read_unlock();
}
kfree(ct->ext);
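Review bot: The `(void *)` casts in the new `t->move(...)` call carry half of the fix, yet nothing on these lines says so; without them the addition is scaled by the size of the pointed-to struct and yields a wrong address, which is the second bug the description lists. A short comment such as `/* offset[] is in bytes; cast so the addition is not scaled by sizeof(*ct->ext) */` would keep a later cleanup from dropping them. The call also assumes `offset[i]` is meaningful for id `i` in both `new` and `ct->ext`. The loop header and any check that the extension is present are outside this hunk, so that should be confirmed there.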
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-8/kernel.spec,v
retrieving revision 1.342
retrieving revision 1.343
diff -u -r1.342 -r1.343
--- kernel.spec 6 Feb 2008 01:22:49 -0000 1.342
+++ kernel.spec 6 Feb 2008 18:19:50 -0000 1.343
@@ -661,6 +661,7 @@
Patch430: linux-2.6-net-silence-noisy-printks.patch
# Patch431: linux-2.6-netfilter-fix-null-deref-nf_nat_move_storage.patch
+Patch431: linux-2.6-netfilter-really-fix-oops-in-nf_nat_move_storage.patch
Patch440: linux-2.6-sha_alignment.patch
Patch450: linux-2.6-input-kill-stupid-messages.patch
Patch451: linux-2.6-input-fix-sync-loss-acer-aspire.patch
@@ -1274,6 +1275,8 @@
ApplyPatch linux-2.6-net-silence-noisy-printks.patch
# fix oops in netfilter
# ApplyPatch linux-2.6-netfilter-fix-null-deref-nf_nat_move_storage.patch
+# fix oops in netfilter again
+ApplyPatch linux-2.6-netfilter-really-fix-oops-in-nf_nat_move_storage.patch
# Misc fixes
# Fix SHA1 alignment problem on ia64
@@ -2082,6 +2085,10 @@
%changelog
+* Wed Feb 06 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.23.14-134
+- Use the upstream fix for futex locking.
+- Fix oops in netfilter (#430663)
+
* Tue Feb 05 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.23.14-133
- ACPI: fix early init of EC (#426480)
linux-2.6-futex-fix-fixups.patch:
Index: linux-2.6-futex-fix-fixups.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-8/linux-2.6-futex-fix-fixups.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- linux-2.6-futex-fix-fixups.patch 23 Jan 2008 00:31:40 -0000 1.1
+++ linux-2.6-futex-fix-fixups.patch 6 Feb 2008 18:19:50 -0000 1.2
@@ -1,107 +1,93 @@
-Here it is for 2.6.23:
+Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9d55b9923a1b7ea8193b8875c57ec940dc2ff027
+Commit: 9d55b9923a1b7ea8193b8875c57ec940dc2ff027
+Parent: 5df7fa1c62146a0933767d040d400013310dbcc7
+Author: Thomas Gleixner <tglx at linutronix.de>
+AuthorDate: Fri Feb 1 17:45:14 2008 +0100
+Committer: Ingo Molnar <mingo at elte.hu>
+CommitDate: Fri Feb 1 17:45:14 2008 +0100
+
+ x86: replace LOCK_PREFIX in futex.h
+
+ The exception fixup for the futex macros __futex_atomic_op1/2 and
+ futex_atomic_cmpxchg_inatomic() is missing an entry when the lock
+ prefix is replaced by a NOP via SMP alternatives.
+
+ Chuck Ebert tracked this down from the information provided in:
+ https://bugzilla.redhat.com/show_bug.cgi?id=429412
+
+ A possible solution would be to add another fixup after the
+ LOCK_PREFIX, so both the LOCK and NOP case have their own entry in the
+ exception table, but it's not really worth the trouble.
+
+ Simply replace LOCK_PREFIX with lock and keep those untouched by SMP
+ alternatives.
+
+ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
+
+ Signed-off-by: Ingo Molnar <mingo at elte.hu>
-Subject: x86: fix missing exception entry for SMP alternatives in futex macros
-From: Thomas Gleixner <tglx at linutronix.de>
-
-The exception fixup for the futex macros __futex_atomic_op2 and
-futex_atomic_cmpxchg_inatomic() is missing an entry when the lock
-prefix is replaced by a NOP via SMP alternatives.
-
-Chuck Ebert tracked this down from the information provided in:
-https://bugzilla.redhat.com/show_bug.cgi?id=429412
-
-The solution is to add another fixup after the LOCK_PREFIX, so both
-the LOCK and NOP case have their own entry in the exception table.
-
-The solution was pointed out by Andi Kleen.
-
-Trivial backport to 2.6.23 by Chuck Ebbert.
-
-Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
-Acked-by: Ingo Molnar <mingo at elte.hu>
+ [cebbert at redhat.com: backport to 2.6.23]
---
- include/asm-i386/futex.h | 8 ++++----
- include/asm-x86_64/futex.h | 8 ++++----
- 2 files changed, 8 insertions(+), 8 deletions(-)
+ include/asm-i386/futex.h | 6 +++---
+ include/asm-x86_64/futex.h | 6 +++---
+ 2 files changed, 6 insertions(+), 6 deletions(-)
-Index: linux-2.6/include/asm-i386/futex.h
-===================================================================
---- linux-2.6.orig/include/asm-i386/futex.h 2008-01-22 13:13:10.000000000 +0100
-+++ linux-2.6/include/asm-i386/futex.h 2008-01-22 13:13:49.000000000 +0100
+--- vanilla.orig/include/asm-i386/futex.h
++++ vanilla/include/asm-i386/futex.h
@@ -28,7 +28,7 @@
"1: movl %2, %0\n\
movl %0, %3\n" \
insn "\n" \
-"2: " LOCK_PREFIX "cmpxchgl %3, %2\n\
-+"2: " LOCK_PREFIX "\n 5: cmpxchgl %3, %2\n\
++"2: lock ; cmpxchgl %3, %2\n\
jnz 1b\n\
3: .section .fixup,\"ax\"\n\
4: mov %5, %1\n\
-@@ -36,7 +36,7 @@
- .previous\n\
- .section __ex_table,\"a\"\n\
- .align 8\n\
-- .long 1b,4b,2b,4b\n\
-+ .long 1b,4b,2b,4b,5b,4b\n\
- .previous" \
- : "=&a" (oldval), "=&r" (ret), "+m" (*uaddr), \
- "=&r" (tem) \
+@@ -68,7 +68,7 @@ futex_atomic_op_inuser (int encoded_op,
+ #endif
+ switch (op) {
+ case FUTEX_OP_ADD:
+- __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret,
++ __futex_atomic_op1("lock ; xaddl %0, %2", ret,
+ oldval, uaddr, oparg);
+ break;
+ case FUTEX_OP_OR:
@@ -111,7 +111,7 @@ futex_atomic_cmpxchg_inatomic(int __user
return -EFAULT;
__asm__ __volatile__(
- "1: " LOCK_PREFIX "cmpxchgl %3, %1 \n"
-+ "1: " LOCK_PREFIX "\n 4: cmpxchgl %3, %1 \n"
++ "1: lock ; cmpxchgl %3, %1 \n"
"2: .section .fixup, \"ax\" \n"
"3: mov %2, %0 \n"
-@@ -120,7 +120,7 @@ futex_atomic_cmpxchg_inatomic(int __user
-
- " .section __ex_table, \"a\" \n"
- " .align 8 \n"
-- " .long 1b,3b \n"
-+ " .long 1b,3b,4b,3b \n"
- " .previous \n"
-
- : "=a" (oldval), "+m" (*uaddr)
-Index: linux-2.6/include/asm-x86_64/futex.h
-===================================================================
---- linux-2.6.orig/include/asm-x86_64/futex.h 2008-01-22 13:13:10.000000000 +0100
-+++ linux-2.6/include/asm-x86_64/futex.h 2008-01-22 13:13:49.000000000 +0100
+--- vanilla.orig/include/asm-x86_64/futex.h
++++ vanilla/include/asm-x86_64/futex.h
@@ -27,7 +27,7 @@
"1: movl %2, %0\n\
movl %0, %3\n" \
insn "\n" \
-"2: " LOCK_PREFIX "cmpxchgl %3, %2\n\
-+"2: " LOCK_PREFIX "\n 5: cmpxchgl %3, %2\n\
++"2: lock ; cmpxchgl %3, %2\n\
jnz 1b\n\
3: .section .fixup,\"ax\"\n\
4: mov %5, %1\n\
-@@ -35,7 +35,7 @@
- .previous\n\
- .section __ex_table,\"a\"\n\
- .align 8\n\
-- .quad 1b,4b,2b,4b\n\
-+ .quad 1b,4b,2b,4b,5b,4b\n\
- .previous" \
- : "=&a" (oldval), "=&r" (ret), "=m" (*uaddr), \
- "=&r" (tem) \
+@@ -62,7 +62,7 @@ futex_atomic_op_inuser (int encoded_op,
+ __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg);
+ break;
+ case FUTEX_OP_ADD:
+- __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval,
++ __futex_atomic_op1("lock ; xaddl %0, %2", ret, oldval,
+ uaddr, oparg);
+ break;
+ case FUTEX_OP_OR:
@@ -101,7 +101,7 @@ futex_atomic_cmpxchg_inatomic(int __user
return -EFAULT;
__asm__ __volatile__(
- "1: " LOCK_PREFIX "cmpxchgl %3, %1 \n"
-+ "1: " LOCK_PREFIX "\n 4: cmpxchgl %3, %1 \n"
++ "1: lock ; cmpxchgl %3, %1 \n"
"2: .section .fixup, \"ax\" \n"
"3: mov %2, %0 \n"
-@@ -110,7 +110,7 @@ futex_atomic_cmpxchg_inatomic(int __user
-
- " .section __ex_table, \"a\" \n"
- " .align 8 \n"
-- " .quad 1b,3b \n"
-+ " .quad 1b,3b,4b,3b \n"
- " .previous \n"
-
- : "=a" (oldval), "=m" (*uaddr)