[Glibc-bsd-commits] r5484 - branches/wheezy/kfreebsd-9/debian/patches

Tue Jun 3 20:35:09 UTC 2014

Author: stevenc-guest
Date: 2014-06-03 20:35:09 +0000 (Tue, 03 Jun 2014)
New Revision: 5484

Added:
   branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.exec.patch
Removed:
   branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.execve.patch
Modified:
   branches/wheezy/kfreebsd-9/debian/patches/series
Log:
* Adjust EN-14:06 patch name to match upstream announcement
* Add link to upstream advisory in patch headers


Copied: branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.exec.patch (from rev 5483, branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.execve.patch)
===================================================================

--- branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.exec.patch	                        (rev 0)
+++ branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.exec.patch	2014-06-03 20:35:09 UTC (rev 5484)
@@ -0,0 +1,70 @@
+Description:
+ Fix triple fault on execve from 64-bit thread to 32-bit process. [EN-14:06]
+ (CVE-2014-3880)
+Origin: backport, commit:266585
+Bug: http://security.freebsd.org/advisories/FreeBSD-EN-14:06.exec.asc
+Bug-Debian: http://bugs.debian.org/743141
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=266585
+
+--- kfreebsd-9-9.0.orig/sys/sys/proc.h
++++ kfreebsd-9-9.0/sys/sys/proc.h
+@@ -412,6 +412,7 @@
+ #define	TDP_CALLCHAIN	0x00400000 /* Capture thread's callchain */
+ #define	TDP_IGNSUSP	0x00800000 /* Permission to ignore the MNTK_SUSPEND* */
+ #define	TDP_AUDITREC	0x01000000 /* Audit record pending on thread */
++#define	TDP_EXECVMSPC	0x40000000 /* Execve destroyed old vmspace */
+ 
+ /*
+  * Reasons that the current thread can not be run yet.
+--- kfreebsd-9-9.0.orig/sys/kern/kern_exec.c
++++ kfreebsd-9-9.0/sys/kern/kern_exec.c
+@@ -279,6 +279,7 @@
+ 	struct mac *mac_p;
+ {
+ 	struct proc *p = td->td_proc;
++	struct vmspace *oldvmspace;
+ 	int error;
+ 
+ 	AUDIT_ARG_ARGV(args->begin_argv, args->argc,
+@@ -295,6 +296,8 @@
+ 		PROC_UNLOCK(p);
+ 	}
+ 
++	KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve"));
++	oldvmspace = td->td_proc->p_vmspace;
+ 	error = do_execve(td, args, mac_p);
+ 
+ 	if (p->p_flag & P_HADTHREADS) {
+@@ -309,6 +312,12 @@
+ 			thread_single_end();
+ 		PROC_UNLOCK(p);
+ 	}
++	if ((td->td_pflags & TDP_EXECVMSPC) != 0) {
++		KASSERT(td->td_proc->p_vmspace != oldvmspace,
++		    ("oldvmspace still used"));
++		vmspace_free(oldvmspace);
++		td->td_pflags &= ~TDP_EXECVMSPC;
++	}
+ 
+ 	return (error);
+ }
+--- kfreebsd-9-9.0.orig/sys/vm/vm_map.c
++++ kfreebsd-9-9.0/sys/vm/vm_map.c
+@@ -3574,6 +3574,8 @@
+ 	struct vmspace *oldvmspace = p->p_vmspace;
+ 	struct vmspace *newvmspace;
+ 
++	KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0,
++	    ("vmspace_exec recursed"));
+ 	newvmspace = vmspace_alloc(minuser, maxuser);
+ 	if (newvmspace == NULL)
+ 		return (ENOMEM);
+@@ -3590,7 +3592,7 @@
+ 	PROC_VMSPACE_UNLOCK(p);
+ 	if (p == curthread->td_proc)
+ 		pmap_activate(curthread);
+-	vmspace_free(oldvmspace);
++	curthread->td_pflags |= TDP_EXECVMSPC;
+ 	return (0);
+ }
+ 

Deleted: branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.execve.patch
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.execve.patch	2014-06-02 13:14:58 UTC (rev 5483)
+++ branches/wheezy/kfreebsd-9/debian/patches/EN-14_06.execve.patch	2014-06-03 20:35:09 UTC (rev 5484)
@@ -1,69 +0,0 @@
-Description:
- Fix triple fault on execve from 64-bit thread to 32-bit process. [EN-14:06]
- (CVE-2014-3880)
-Origin: backport, commit:266585
-Bug-Debian: http://bugs.debian.org/743141
-Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=266585
-
---- kfreebsd-9-9.0.orig/sys/sys/proc.h
-+++ kfreebsd-9-9.0/sys/sys/proc.h
-@@ -412,6 +412,7 @@
- #define	TDP_CALLCHAIN	0x00400000 /* Capture thread's callchain */
- #define	TDP_IGNSUSP	0x00800000 /* Permission to ignore the MNTK_SUSPEND* */
- #define	TDP_AUDITREC	0x01000000 /* Audit record pending on thread */
-+#define	TDP_EXECVMSPC	0x40000000 /* Execve destroyed old vmspace */
- 
- /*
-  * Reasons that the current thread can not be run yet.
---- kfreebsd-9-9.0.orig/sys/kern/kern_exec.c
-+++ kfreebsd-9-9.0/sys/kern/kern_exec.c
-@@ -279,6 +279,7 @@
- 	struct mac *mac_p;
- {
- 	struct proc *p = td->td_proc;
-+	struct vmspace *oldvmspace;
- 	int error;
- 
- 	AUDIT_ARG_ARGV(args->begin_argv, args->argc,
-@@ -295,6 +296,8 @@
- 		PROC_UNLOCK(p);
- 	}
- 
-+	KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve"));
-+	oldvmspace = td->td_proc->p_vmspace;
- 	error = do_execve(td, args, mac_p);
- 
- 	if (p->p_flag & P_HADTHREADS) {
-@@ -309,6 +312,12 @@
- 			thread_single_end();
- 		PROC_UNLOCK(p);
- 	}
-+	if ((td->td_pflags & TDP_EXECVMSPC) != 0) {
-+		KASSERT(td->td_proc->p_vmspace != oldvmspace,
-+		    ("oldvmspace still used"));
-+		vmspace_free(oldvmspace);
-+		td->td_pflags &= ~TDP_EXECVMSPC;
-+	}
- 
- 	return (error);
- }
---- kfreebsd-9-9.0.orig/sys/vm/vm_map.c
-+++ kfreebsd-9-9.0/sys/vm/vm_map.c
-@@ -3574,6 +3574,8 @@
- 	struct vmspace *oldvmspace = p->p_vmspace;
- 	struct vmspace *newvmspace;
- 
-+	KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0,
-+	    ("vmspace_exec recursed"));
- 	newvmspace = vmspace_alloc(minuser, maxuser);
- 	if (newvmspace == NULL)
- 		return (ENOMEM);
-@@ -3590,7 +3592,7 @@
- 	PROC_VMSPACE_UNLOCK(p);
- 	if (p == curthread->td_proc)
- 		pmap_activate(curthread);
--	vmspace_free(oldvmspace);
-+	curthread->td_pflags |= TDP_EXECVMSPC;
- 	return (0);
- }
- 

Modified: branches/wheezy/kfreebsd-9/debian/patches/series
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/series	2014-06-02 13:14:58 UTC (rev 5483)
+++ branches/wheezy/kfreebsd-9/debian/patches/series	2014-06-03 20:35:09 UTC (rev 5484)
@@ -20,7 +20,7 @@
 fix_lseek_zfs.diff
 SA-14_05.nfsserver.patch
 SA-14_08.tcp.patch
-EN-14_06.execve.patch
+EN-14_06.exec.patch
 
 # Other patches that might or might not be mergeable
 001_misc.diff


