r2042 - in trunk/kernel/source: kernel-source-2.6.8-2.6.8/debian kernel-source-2.6.8-2.6.8/debian/patches kernel-source-2.6.8-2.6.8/debian/patches/series kernel-source-2.6.9-2.6.9/debian kernel-source-2.6.9-2.6.9/debian/patches kernel-source-2.6.9-2.6.9/debian/patches/series

Andres Salomon dilinger-guest@haydn.debian.org
Thu, 23 Dec 2004 22:06:41 -0700


Author: dilinger-guest
Date: 2004-12-23 22:06:14 -0700 (Thu, 23 Dec 2004)
New Revision: 2042

Added:
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/arch-x86_64-signal-bug.dpatch
   trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/arch-x86_64-signal-bug.dpatch
Modified:
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11
   trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
   trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4
Log:
  * [x86_64] Fix nasty little signal bug, where orig_rax was assumed
    to be unsigned.  Andi Kleen assures me it's not exploitable, but
    better to be safe than sorry (Andres Salomon).


Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2004-12-24 04:52:44 UTC (rev 2041)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2004-12-24 05:06:14 UTC (rev 2042)
@@ -61,6 +61,10 @@
     http://seclists.org/lists/bugtraq/2004/Dec/0214.html for additional
     details (Andres Salomon).
 
+  * [x86_64] Fix nasty little signal bug, where orig_rax was assumed
+    to be unsigned.  Andi Kleen assures me it's not exploitable, but
+    better to be safe than sorry (Andres Salomon).
+
  -- dann frazier <dannf@debian.org>  Fri, 03 Dec 2004 00:13:41 -0700
 
 kernel-source-2.6.8 (2.6.8-10) unstable; urgency=high
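Review bot: the wording of the new changelog entry inverts the bug as the patch itself describes it. Per the changeset text in arch-x86_64-signal-bug.dpatch, orig_rax is unsigned on x86-64 and the signal code assumed it was signed, so `if (regs->orig_rax >= 0)` was always true; "where orig_rax was assumed to be unsigned" states the opposite. Suggest "where orig_rax was assumed to be signed (it is unsigned, so the syscall-restart check was always true)". It would also help to name the upstream fix (Andi Kleen, 2004-12-20, arch/x86_64/kernel/signal.c) in the entry so it can be matched against the dpatch.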

Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/arch-x86_64-signal-bug.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/arch-x86_64-signal-bug.dpatch	2004-12-24 04:52:44 UTC (rev 2041)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/arch-x86_64-signal-bug.dpatch	2004-12-24 05:06:14 UTC (rev 2042)
@@ -0,0 +1,62 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: x86_64: fix syscall/signal restart bug
+## DP: Patch author: Andi Kleen <ak@suse.de>
+## DP: Upstream status: backport
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/12/20 16:06:46-08:00 ak@suse.de 
+#   [PATCH] x86_64: fix syscall/signal restart bug
+#   
+#   Fix a pretty bad bug that caused sometimes signals on x86-64
+#   to be restarted like system calls. This corrupted the RIP and
+#   in general caused undesirable effects.
+#   
+#   The problem happens because orig_rax is unsigned on x86-64,
+#   but it originally was signed when the signal code was written.
+#   And the if (orig_rax >= 0) ended up always true.
+#   And gcc didn't warn about this, because the warning is only in 
+#   -Wextra. 
+#   
+#   In 2.4 we still had a cast for it, but somehow it got dropped
+#   in 2.5.
+#   
+#   Credit goes to John Slice for tracking it down and Erich Boleyn
+#   for the original fix. All blame to me. I fixed it at another
+#   place too.
+#   
+#   Signed-off-by: Andi Kleen <ak@suse.de>
+#   Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+# 
+# arch/x86_64/kernel/signal.c
+#   2004/12/20 16:06:38-08:00 ak@suse.de +2 -2
+#   x86_64: fix syscall/signal restart bug
+# 
+diff -Nru a/arch/x86_64/kernel/signal.c b/arch/x86_64/kernel/signal.c
+--- a/arch/x86_64/kernel/signal.c	2004-12-23 20:53:43 -08:00
++++ b/arch/x86_64/kernel/signal.c	2004-12-23 20:53:44 -08:00
+@@ -357,7 +357,7 @@
+ #endif
+ 
+ 	/* Are we from a system call? */
+-	if (regs->orig_rax >= 0) {
++	if ((long)regs->orig_rax >= 0) {
+ 		/* If so, check system call restarting.. */
+ 		switch (regs->rax) {
+ 		        case -ERESTART_RESTARTBLOCK:
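Review bot: the `(long)` cast in `if ((long)regs->orig_rax >= 0) {` is the minimal fix, but the hunk leaves no record of why it is there, and the changeset text above says exactly this cast was silently dropped between 2.4 and 2.5. Add a comment on that line, e.g. `/* orig_rax is unsigned long; negative means we did not enter via a syscall */`, or move the sign test into a small named helper so the next cleanup does not remove it again. Since the changeset also notes gcc only flags the always-true comparison under -Wextra, building this file with that warning would have caught the regression.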
+@@ -442,7 +442,7 @@
+ 
+  no_signal:
+ 	/* Did we come from a system call? */
+-	if (regs->orig_rax >= 0) {
++	if ((long)regs->orig_rax >= 0) {
+ 		/* Restart the system call - no handlers present */
+ 		long res = regs->rax;
+ 		if (res == -ERESTARTNOHAND ||
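Review bot: the two hunks test the sign of orig_rax the same way but read rax differently: this hunk copies it into `long res = regs->rax;` before comparing, while the hunk at -357 switches directly on `regs->rax` with negative case labels. Both work, because case constants are converted to the type of the switch expression, but if rax is the same unsigned long as orig_rax the switch form depends on that conversion while this one is explicit; using the signed local in both places would make the intent obvious. Separately, the dpatch header at the top of this file still carries the template placeholders `## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>`; fill in arch-x86_64-signal-bug.dpatch and the packager's name so the DP: block is complete.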

Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11	2004-12-24 04:52:44 UTC (rev 2041)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-11	2004-12-24 05:06:14 UTC (rev 2042)
@@ -20,3 +20,4 @@
 + vt-of-death.dpatch
 + drivers-usb-storage-revoltec.dpatch
 + kernel_read-result-validation.dpatch
++ arch-x86_64-signal-bug.dpatch

Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog	2004-12-24 04:52:44 UTC (rev 2041)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog	2004-12-24 05:06:14 UTC (rev 2042)
@@ -66,6 +66,10 @@
     http://seclists.org/lists/bugtraq/2004/Dec/0214.html for additional
     details (Andres Salomon).
 
+  * [x86_64] Fix nasty little signal bug, where orig_rax was assumed
+    to be unsigned.  Andi Kleen assures me it's not exploitable, but
+    better to be safe than sorry (Andres Salomon).
+
  -- dann frazier <dannf@debian.org>  Fri, 03 Dec 2004 09:26:52 -0700
 
 kernel-source-2.6.9 (2.6.9-3) unstable; urgency=low
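Review bot: the new entry's "where orig_rax was assumed to be unsigned" has the bug backwards. The changeset text in arch-x86_64-signal-bug.dpatch says orig_rax is unsigned on x86-64 and the signal code assumed it was signed, which is why `if (regs->orig_rax >= 0)` was always true. Suggest "where orig_rax was assumed to be signed (it is unsigned, so the syscall-restart check was always true)", and name the upstream fix (Andi Kleen, 2004-12-20) so the entry can be matched to the dpatch.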

Added: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/arch-x86_64-signal-bug.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/arch-x86_64-signal-bug.dpatch	2004-12-24 04:52:44 UTC (rev 2041)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/arch-x86_64-signal-bug.dpatch	2004-12-24 05:06:14 UTC (rev 2042)
@@ -0,0 +1,62 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: x86_64: fix syscall/signal restart bug
+## DP: Patch author: Andi Kleen <ak@suse.de>
+## DP: Upstream status: backport
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/12/20 16:06:46-08:00 ak@suse.de 
+#   [PATCH] x86_64: fix syscall/signal restart bug
+#   
+#   Fix a pretty bad bug that caused sometimes signals on x86-64
+#   to be restarted like system calls. This corrupted the RIP and
+#   in general caused undesirable effects.
+#   
+#   The problem happens because orig_rax is unsigned on x86-64,
+#   but it originally was signed when the signal code was written.
+#   And the if (orig_rax >= 0) ended up always true.
+#   And gcc didn't warn about this, because the warning is only in 
+#   -Wextra. 
+#   
+#   In 2.4 we still had a cast for it, but somehow it got dropped
+#   in 2.5.
+#   
+#   Credit goes to John Slice for tracking it down and Erich Boleyn
+#   for the original fix. All blame to me. I fixed it at another
+#   place too.
+#   
+#   Signed-off-by: Andi Kleen <ak@suse.de>
+#   Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+# 
+# arch/x86_64/kernel/signal.c
+#   2004/12/20 16:06:38-08:00 ak@suse.de +2 -2
+#   x86_64: fix syscall/signal restart bug
+# 
+diff -Nru a/arch/x86_64/kernel/signal.c b/arch/x86_64/kernel/signal.c
+--- a/arch/x86_64/kernel/signal.c	2004-12-23 20:53:43 -08:00
++++ b/arch/x86_64/kernel/signal.c	2004-12-23 20:53:44 -08:00
+@@ -357,7 +357,7 @@
+ #endif
+ 
+ 	/* Are we from a system call? */
+-	if (regs->orig_rax >= 0) {
++	if ((long)regs->orig_rax >= 0) {
+ 		/* If so, check system call restarting.. */
+ 		switch (regs->rax) {
+ 		        case -ERESTART_RESTARTBLOCK:
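Review bot: `if ((long)regs->orig_rax >= 0) {` is the minimal fix, but nothing on the line says why the cast is needed, and the changeset text above records that this same cast was lost once already between 2.4 and 2.5. Add a comment such as `/* orig_rax is unsigned long; negative means we did not enter via a syscall */`, or put the sign test in a small named helper so it survives the next cleanup. A build with -Wextra on arch/x86_64, which the changeset says is where gcc reports the always-true comparison, would have flagged the regression.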
+@@ -442,7 +442,7 @@
+ 
+  no_signal:
+ 	/* Did we come from a system call? */
+-	if (regs->orig_rax >= 0) {
++	if ((long)regs->orig_rax >= 0) {
+ 		/* Restart the system call - no handlers present */
+ 		long res = regs->rax;
+ 		if (res == -ERESTARTNOHAND ||
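Review bot: this hunk and the one at -357 read rax inconsistently: here it goes through `long res = regs->rax;`, there the code switches on `regs->rax` directly with negative case labels. Both are correct since case constants are converted to the switch expression's type, but if rax is unsigned long like orig_rax the switch silently relies on that conversion while this hunk makes the signedness explicit; use the signed local in both places. Separately, the dpatch header at the top of this file still has the unfilled template line `## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>`; replace it with the real filename and author.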

Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4	2004-12-24 04:52:44 UTC (rev 2041)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-4	2004-12-24 05:06:14 UTC (rev 2042)
@@ -21,3 +21,4 @@
 + vt-of-death.dpatch
 + drivers-usb-storage-revoltec.dpatch
 + kernel_read-result-validation.dpatch
++ arch-x86_64-signal-bug.dpatch