[Glibc-bsd-commits] r5484 - branches/wheezy/kfreebsd-9/debian/patches
stevenc-guest at alioth.debian.org
stevenc-guest at alioth.debian.org
Tue Jun 3 20:35:09 UTC 2014
Author: stevenc-guest
Date: 2014-06-03 20:35:09 +0000 (Tue, 03 Jun 2014)
New Revision: 5484
Added:
branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.exec.patch
Removed:
branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.execve.patch
Modified:
branches/wheezy/kfreebsd-9/debian/patches/series
Log:
* Adjust EN-14:06 patch name to match upstream announcement
* Add link to upstream advisory in patch headers
Copied: branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.exec.patch (from rev 5483, branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.execve.patch)
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.exec.patch (rev 0)
+++ branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.exec.patch 2014-06-03 20:35:09 UTC (rev 5484)
@@ -0,0 +1,70 @@
+Description:
+ Fix triple fault on execve from 64-bit thread to 32-bit process. [EN-14:06]
+ (CVE-2014-3880)
+Origin: backport, commit:266585
+Bug: http://security.freebsd.org/advisories/FreeBSD-EN-14:06.exec.asc
+Bug-Debian: http://bugs.debian.org/743141
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=266585
+
+--- kfreebsd-9-9.0.orig/sys/sys/proc.h
++++ kfreebsd-9-9.0/sys/sys/proc.h
+@@ -412,6 +412,7 @@
+ #define TDP_CALLCHAIN 0x00400000 /* Capture thread's callchain */
+ #define TDP_IGNSUSP 0x00800000 /* Permission to ignore the MNTK_SUSPEND* */
+ #define TDP_AUDITREC 0x01000000 /* Audit record pending on thread */
++#define TDP_EXECVMSPC 0x40000000 /* Execve destroyed old vmspace */
+
+ /*
+ * Reasons that the current thread can not be run yet.
+--- kfreebsd-9-9.0.orig/sys/kern/kern_exec.c
++++ kfreebsd-9-9.0/sys/kern/kern_exec.c
+@@ -279,6 +279,7 @@
+ struct mac *mac_p;
+ {
+ struct proc *p = td->td_proc;
++ struct vmspace *oldvmspace;
+ int error;
+
+ AUDIT_ARG_ARGV(args->begin_argv, args->argc,
+@@ -295,6 +296,8 @@
+ PROC_UNLOCK(p);
+ }
+
++ KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve"));
++ oldvmspace = td->td_proc->p_vmspace;
+ error = do_execve(td, args, mac_p);
+
+ if (p->p_flag & P_HADTHREADS) {
+@@ -309,6 +312,12 @@
+ thread_single_end();
+ PROC_UNLOCK(p);
+ }
++ if ((td->td_pflags & TDP_EXECVMSPC) != 0) {
++ KASSERT(td->td_proc->p_vmspace != oldvmspace,
++ ("oldvmspace still used"));
++ vmspace_free(oldvmspace);
++ td->td_pflags &= ~TDP_EXECVMSPC;
++ }
+
+ return (error);
+ }
+--- kfreebsd-9-9.0.orig/sys/vm/vm_map.c
++++ kfreebsd-9-9.0/sys/vm/vm_map.c
+@@ -3574,6 +3574,8 @@
+ struct vmspace *oldvmspace = p->p_vmspace;
+ struct vmspace *newvmspace;
+
++ KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0,
++ ("vmspace_exec recursed"));
+ newvmspace = vmspace_alloc(minuser, maxuser);
+ if (newvmspace == NULL)
+ return (ENOMEM);
+@@ -3590,7 +3592,7 @@
+ PROC_VMSPACE_UNLOCK(p);
+ if (p == curthread->td_proc)
+ pmap_activate(curthread);
+- vmspace_free(oldvmspace);
++ curthread->td_pflags |= TDP_EXECVMSPC;
+ return (0);
+ }
+
Deleted: branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.execve.patch
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.execve.patch 2014-06-02 13:14:58 UTC (rev 5483)
+++ branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.execve.patch 2014-06-03 20:35:09 UTC (rev 5484)
@@ -1,69 +0,0 @@
-Description:
- Fix triple fault on execve from 64-bit thread to 32-bit process. [EN-14:06]
- (CVE-2014-3880)
-Origin: backport, commit:266585
-Bug-Debian: http://bugs.debian.org/743141
-Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=266585
-
---- kfreebsd-9-9.0.orig/sys/sys/proc.h
-+++ kfreebsd-9-9.0/sys/sys/proc.h
-@@ -412,6 +412,7 @@
- #define TDP_CALLCHAIN 0x00400000 /* Capture thread's callchain */
- #define TDP_IGNSUSP 0x00800000 /* Permission to ignore the MNTK_SUSPEND* */
- #define TDP_AUDITREC 0x01000000 /* Audit record pending on thread */
-+#define TDP_EXECVMSPC 0x40000000 /* Execve destroyed old vmspace */
-
- /*
- * Reasons that the current thread can not be run yet.
---- kfreebsd-9-9.0.orig/sys/kern/kern_exec.c
-+++ kfreebsd-9-9.0/sys/kern/kern_exec.c
-@@ -279,6 +279,7 @@
- struct mac *mac_p;
- {
- struct proc *p = td->td_proc;
-+ struct vmspace *oldvmspace;
- int error;
-
- AUDIT_ARG_ARGV(args->begin_argv, args->argc,
-@@ -295,6 +296,8 @@
- PROC_UNLOCK(p);
- }
-
-+ KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve"));
-+ oldvmspace = td->td_proc->p_vmspace;
- error = do_execve(td, args, mac_p);
-
- if (p->p_flag & P_HADTHREADS) {
-@@ -309,6 +312,12 @@
- thread_single_end();
- PROC_UNLOCK(p);
- }
-+ if ((td->td_pflags & TDP_EXECVMSPC) != 0) {
-+ KASSERT(td->td_proc->p_vmspace != oldvmspace,
-+ ("oldvmspace still used"));
-+ vmspace_free(oldvmspace);
-+ td->td_pflags &= ~TDP_EXECVMSPC;
-+ }
-
- return (error);
- }
---- kfreebsd-9-9.0.orig/sys/vm/vm_map.c
-+++ kfreebsd-9-9.0/sys/vm/vm_map.c
-@@ -3574,6 +3574,8 @@
- struct vmspace *oldvmspace = p->p_vmspace;
- struct vmspace *newvmspace;
-
-+ KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0,
-+ ("vmspace_exec recursed"));
- newvmspace = vmspace_alloc(minuser, maxuser);
- if (newvmspace == NULL)
- return (ENOMEM);
-@@ -3590,7 +3592,7 @@
- PROC_VMSPACE_UNLOCK(p);
- if (p == curthread->td_proc)
- pmap_activate(curthread);
-- vmspace_free(oldvmspace);
-+ curthread->td_pflags |= TDP_EXECVMSPC;
- return (0);
- }
-
Modified: branches/wheezy/kfreebsd-9/debian/patches/series
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/series 2014-06-02 13:14:58 UTC (rev 5483)
+++ branches/wheezy/kfreebsd-9/debian/patches/series 2014-06-03 20:35:09 UTC (rev 5484)
@@ -20,7 +20,7 @@
fix_lseek_zfs.diff
SA-14_05.nfsserver.patch
SA-14_08.tcp.patch
-EN-14_06.execve.patch
+EN-14_06.exec.patch
# Other patches that might or might not be mergeable
001_misc.diff
More information about the Glibc-bsd-commits
mailing list