From 33ad35fdf4b174f586b3d91f2f9fb8701712ca28 Mon Sep 17 00:00:00 2001 From: Jurij Smakov Date: Sat, 28 Oct 2006 03:20:41 +0000 Subject: [PATCH] * [sparc] Add bugfix/sparc/bus-id-size.patch (thanks to David Miller) to ensure that the size of the strings stored in the bus_id field of struct device never exceeds the amount of memory allocated for them (20 bytes). It fixes the situations in which storing longer device names in this field would cause corruption of adjacent memory regions. (closes: #394697). Ref: http://marc.theaimsgroup.com/?t=116193220200003&r=1&w=2 Patch posted in the thread has been modified to apply cleanly to 2.6.18-3. svn path=/dists/trunk/linux-2.6/; revision=7655 --- debian/changelog | 6 ++ debian/patches/bugfix/sparc/bus-id-size.patch | 96 +++++++++++++++++++ debian/patches/series/4 | 1 + 3 files changed, 103 insertions(+) create mode 100644 debian/patches/bugfix/sparc/bus-id-size.patch diff --git a/debian/changelog b/debian/changelog index 1e989154c..5ed98a8ac 100644 --- a/debian/changelog +++ b/debian/changelog @@ -15,6 +15,12 @@ linux-2.6 (2.6.18-4) UNRELEASED; urgency=low prevents a number of unaligned memory accesses, like the ones in sys_msgrcv() and compat_sys_msgrcv(), triggered every 5 seconds whenever fakeroot is running. + * [sparc] Add bugfix/sparc/bus-id-size.patch (thanks to David Miller) + to ensure that the size of the strings stored in the bus_id field of + struct device never exceeds the amount of memory allocated for them + (20 bytes). It fixes the situations in which storing longer device + names in this field would cause corruption of adjacent memory regions. + (closes: #394697). [ Martin Michlmayr ] * arm/iop32x: Fix the interrupt of the 2nd Ethernet slot on N2100. diff --git a/debian/patches/bugfix/sparc/bus-id-size.patch b/debian/patches/bugfix/sparc/bus-id-size.patch new file mode 100644 index 000000000..459bf42dc --- /dev/null +++ b/debian/patches/bugfix/sparc/bus-id-size.patch @@ -0,0 +1,96 @@ +diff -aur a/arch/sparc/kernel/ebus.c b/arch/sparc/kernel/ebus.c +--- a/arch/sparc/kernel/ebus.c 2006-09-19 20:42:06.000000000 -0700 ++++ b/arch/sparc/kernel/ebus.c 2006-10-27 19:19:51.000000000 -0700 +@@ -237,12 +237,12 @@ + dev->ofdev.node = dp; + dev->ofdev.dev.parent = &dev->bus->ofdev.dev; + dev->ofdev.dev.bus = &ebus_bus_type; +- strcpy(dev->ofdev.dev.bus_id, dp->path_component_name); ++ sprintf(dev->ofdev.dev.bus_id, "ebus[%08x]", dp->node); + + /* Register with core */ + if (of_device_register(&dev->ofdev) != 0) + printk(KERN_DEBUG "ebus: device registration error for %s!\n", +- dev->ofdev.dev.bus_id); ++ dp->path_component_name); + + if ((dp = dp->child) != NULL) { + dev->children = (struct linux_ebus_child *) +diff -aur a/arch/sparc/kernel/of_device.c b/arch/sparc/kernel/of_device.c +--- a/arch/sparc/kernel/of_device.c 2006-09-19 20:42:06.000000000 -0700 ++++ b/arch/sparc/kernel/of_device.c 2006-10-27 19:19:51.000000000 -0700 +@@ -652,7 +652,7 @@ + if (!parent) + strcpy(op->dev.bus_id, "root"); + else +- strcpy(op->dev.bus_id, dp->path_component_name); ++ sprintf(op->dev.bus_id, "%08x", dp->node); + + if (of_device_register(op)) { + printk("%s: Could not register of device.\n", +Only in b/arch/sparc/kernel: of_device.c.orig +diff -aur a/arch/sparc64/kernel/ebus.c b/arch/sparc64/kernel/ebus.c +--- a/arch/sparc64/kernel/ebus.c 2006-09-19 20:42:06.000000000 -0700 ++++ b/arch/sparc64/kernel/ebus.c 2006-10-27 19:19:51.000000000 -0700 +@@ -389,12 +389,12 @@ + dev->ofdev.node = dp; + dev->ofdev.dev.parent = &dev->bus->ofdev.dev; + dev->ofdev.dev.bus = &ebus_bus_type; +- strcpy(dev->ofdev.dev.bus_id, dp->path_component_name); ++ sprintf(dev->ofdev.dev.bus_id, "ebus[%08x]", dp->node); + + /* Register with core */ + if (of_device_register(&dev->ofdev) != 0) + printk(KERN_DEBUG "ebus: device registration error for %s!\n", +- dev->ofdev.dev.bus_id); ++ dp->path_component_name); + + dp = dp->child; + if (dp) { +diff -aur a/arch/sparc64/kernel/isa.c b/arch/sparc64/kernel/isa.c +--- a/arch/sparc64/kernel/isa.c 2006-09-19 20:42:06.000000000 -0700 ++++ b/arch/sparc64/kernel/isa.c 2006-10-27 19:19:51.000000000 -0700 +@@ -115,12 +115,12 @@ + isa_dev->ofdev.node = dp; + isa_dev->ofdev.dev.parent = &isa_br->ofdev.dev; + isa_dev->ofdev.dev.bus = &isa_bus_type; +- strcpy(isa_dev->ofdev.dev.bus_id, dp->path_component_name); ++ sprintf(isa_dev->ofdev.dev.bus_id, "isa[%08x]", dp->node); + + /* Register with core */ + if (of_device_register(&isa_dev->ofdev) != 0) { + printk(KERN_DEBUG "isa: device registration error for %s!\n", +- isa_dev->ofdev.dev.bus_id); ++ dp->path_component_name); + kfree(isa_dev); + goto next_sibling; + } +diff -aur a/arch/sparc64/kernel/of_device.c b/arch/sparc64/kernel/of_device.c +--- a/arch/sparc64/kernel/of_device.c 2006-09-19 20:42:06.000000000 -0700 ++++ b/arch/sparc64/kernel/of_device.c 2006-10-27 19:22:22.000000000 -0700 +@@ -842,7 +842,7 @@ + if (!parent) + strcpy(op->dev.bus_id, "root"); + else +- strcpy(op->dev.bus_id, dp->path_component_name); ++ sprintf(op->dev.bus_id, "%08x", dp->node); + + if (of_device_register(op)) { + printk("%s: Could not register of device.\n", +diff -aur a/drivers/sbus/sbus.c b/drivers/sbus/sbus.c +--- a/drivers/sbus/sbus.c 2006-09-19 20:42:06.000000000 -0700 ++++ b/drivers/sbus/sbus.c 2006-10-27 19:19:51.000000000 -0700 +@@ -61,11 +61,11 @@ + else + sdev->ofdev.dev.parent = &sdev->bus->ofdev.dev; + sdev->ofdev.dev.bus = &sbus_bus_type; +- strcpy(sdev->ofdev.dev.bus_id, dp->path_component_name); ++ sprintf(sdev->ofdev.dev.bus_id, "sbus[%08x]", dp->node); + + if (of_device_register(&sdev->ofdev) != 0) + printk(KERN_DEBUG "sbus: device registration error for %s!\n", +- sdev->ofdev.dev.bus_id); ++ dp->path_component_name); + } + + static void __init sbus_bus_ranges_init(struct device_node *dp, struct sbus_bus *sbus) diff --git a/debian/patches/series/4 b/debian/patches/series/4 index d6c9093c1..847194056 100644 --- a/debian/patches/series/4 +++ b/debian/patches/series/4 @@ -3,3 +3,4 @@ + bugfix/sparc/compat-alloc-user-space-alignment.patch + bugfix/arm/n2100-serial-irq.patch + bugfix/arm/n2100-eth1-irq.patch ++ bugfix/sparc/bus-id-size.patch