r1895 - in trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series
dilinger-guest@haydn.debian.org
dilinger-guest@haydn.debian.org
Wed, 24 Nov 2004 13:33:57 -0700
Author: dilinger-guest
Date: 2004-11-24 13:25:44 -0700 (Wed, 24 Nov 2004)
New Revision: 1895
Added:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-sacf-fix.dpatch
Modified:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-10
Log:
* [SECURITY] Fix s390 local root exploit (CAN-2004-0887) (Andres Salomon).
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2004-11-24 19:59:53 UTC (rev 1894)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2004-11-24 20:25:44 UTC (rev 1895)
@@ -9,6 +9,8 @@
* Make sparc32-initrd-memcpy.dpatch just the diff, not the mail message
that came with it. (Joshua Kwan)
+ * [SECURITY] Fix s390 local root exploit (CAN-2004-0887) (Andres Salomon).
+
-- Joshua Kwan <joshk@triplehelix.org> Wed, 24 Nov 2004 11:58:57 -0800
kernel-source-2.6.8 (2.6.8-9) unstable; urgency=high
Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-sacf-fix.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-sacf-fix.dpatch 2004-11-24 19:59:53 UTC (rev 1894)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-sacf-fix.dpatch 2004-11-24 20:25:44 UTC (rev 1895)
@@ -0,0 +1,61 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: s390: sacf local root exploit (CAN-2004-0887)
+## DP: Patch author: Martin Schwidefsky <schwidefsky@de.ibm.com>; backported to 2.6.8 by Andres Salomon
+## DP: Upstream status: backport
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/10/25 18:09:17-07:00 schwidefsky@de.ibm.com
+# [PATCH] s390: sacf local root exploit (CAN-2004-0887)
+#
+# s390 core changes:
+# - Force user process back to home space mode in space switch event
+# exception handler.
+#
+# Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+# Signed-off-by: Andrew Morton <akpm@osdl.org>
+# Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+#
+# arch/s390/kernel/traps.c
+# 2004/10/25 13:18:42-07:00 schwidefsky@de.ibm.com +16 -1
+# s390: sacf local root exploit (CAN-2004-0887)
+#
+--- a/arch/s390/kernel/traps.c 2004-11-24 15:17:52.000000000 -0500
++++ b/arch/s390/kernel/traps.c 2004-11-24 15:20:31.000000000 -0500
+@@ -591,6 +591,20 @@
+ }
+ }
+
++asmlinkage void space_switch_exception(struct pt_regs * regs, long int_code)
++{
++ siginfo_t info;
++
++ /* Set user psw back to home space mode. */
++ if (regs->psw.mask & PSW_MASK_PSTATE)
++ regs->psw.mask |= PSW_ASC_HOME;
++ /* Send SIGILL. */
++ info.si_signo = SIGILL;
++ info.si_errno = 0;
++ info.si_code = ILL_PRVOPC;
++ info.si_addr = get_check_address(regs);
++ do_trap(int_code, SIGILL, "space switch event", regs, &info);
++}
+
+
+ /* init is done in lowcore.S and head.S */
+@@ -629,7 +643,7 @@
+ pgm_check_table[0x3B] = &do_dat_exception;
+ #endif /* CONFIG_ARCH_S390X */
+ pgm_check_table[0x15] = &operand_exception;
+- pgm_check_table[0x1C] = &privileged_op;
++ pgm_check_table[0x1C] = &space_switch_exception;
+ pgm_check_table[0x1D] = &hfp_sqrt_exception;
+ pgm_check_table[0x40] = &do_monitor_call;
+
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-10
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-10 2004-11-24 19:59:53 UTC (rev 1894)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-10 2004-11-24 20:25:44 UTC (rev 1895)
@@ -1,2 +1,3 @@
+ aic7xxx-delay_h-update.dpatch
+ tty-locking-fixes9.dpatch
++ s390-sacf-fix.dpatch