r1902 - in trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian: . patches patches/series
Andres Salomon
dilinger-guest@haydn.debian.org
Wed, 24 Nov 2004 22:37:00 -0700
Author: dilinger-guest
Date: 2004-11-24 22:36:26 -0700 (Wed, 24 Nov 2004)
New Revision: 1902
Added:
trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/s390-sacf-fix.dpatch
Modified:
trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-3
Log:
* [SECURITY] s390: sacf local root exploit (CAN-2004-0887) (Andres Salomon).
Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog 2004-11-25 05:26:53 UTC (rev 1901)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog 2004-11-25 05:36:26 UTC (rev 1902)
@@ -6,6 +6,8 @@
* [SECURITY] Further binfmt_elf fixes, and binfmt_aout fixes as well
(Andres Salomon).
+ * [SECURITY] s390: sacf local root exploit (CAN-2004-0887) (Andres Salomon).
+
-- Andres Salomon <dilinger@voxel.net> Thu, 25 Nov 2004 00:20:47 -0500
kernel-source-2.6.9 (2.6.9-2) unstable; urgency=low
Added: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/s390-sacf-fix.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/s390-sacf-fix.dpatch 2004-11-25 05:26:53 UTC (rev 1901)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/s390-sacf-fix.dpatch 2004-11-25 05:36:26 UTC (rev 1902)
@@ -0,0 +1,63 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: s390: sacf local root exploit (CAN-2004-0887)
+## DP: Patch author: Martin Schwidefsky <schwidefsky@de.ibm.com>
+## DP: Upstream status: backport
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/10/25 18:09:17-07:00 schwidefsky@de.ibm.com
+# [PATCH] s390: sacf local root exploit (CAN-2004-0887)
+#
+# s390 core changes:
+# - Force user process back to home space mode in space switch event
+# exception handler.
+#
+# Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+# Signed-off-by: Andrew Morton <akpm@osdl.org>
+# Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+#
+# arch/s390/kernel/traps.c
+# 2004/10/25 13:18:42-07:00 schwidefsky@de.ibm.com +16 -1
+# s390: sacf local root exploit (CAN-2004-0887)
+#
+diff -Nru a/arch/s390/kernel/traps.c b/arch/s390/kernel/traps.c
+--- a/arch/s390/kernel/traps.c 2004-11-24 21:33:06 -08:00
++++ b/arch/s390/kernel/traps.c 2004-11-24 21:33:06 -08:00
+@@ -630,6 +630,21 @@
+ }
+ }
+
++asmlinkage void space_switch_exception(struct pt_regs * regs, long int_code)
++{
++ siginfo_t info;
++
++ /* Set user psw back to home space mode. */
++ if (regs->psw.mask & PSW_MASK_PSTATE)
++ regs->psw.mask |= PSW_ASC_HOME;
++ /* Send SIGILL. */
++ info.si_signo = SIGILL;
++ info.si_errno = 0;
++ info.si_code = ILL_PRVOPC;
++ info.si_addr = get_check_address(regs);
++ do_trap(int_code, SIGILL, "space switch event", regs, &info);
++}
++
+ asmlinkage void kernel_stack_overflow(struct pt_regs * regs)
+ {
+ die("Kernel stack overflow", regs, 0);
+@@ -673,7 +688,7 @@
+ pgm_check_table[0x3B] = &do_dat_exception;
+ #endif /* CONFIG_ARCH_S390X */
+ pgm_check_table[0x15] = &operand_exception;
+- pgm_check_table[0x1C] = &privileged_op;
++ pgm_check_table[0x1C] = &space_switch_exception;
+ pgm_check_table[0x1D] = &hfp_sqrt_exception;
+ pgm_check_table[0x40] = &do_monitor_call;
+
Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-3
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-3 2004-11-25 05:26:53 UTC (rev 1901)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-3 2004-11-25 05:36:26 UTC (rev 1902)
@@ -1,3 +1,4 @@
+ dm_io-ENOMEM-goof.dpatch
+ elf-loader-fixes-the-return.dpatch
+ aout-loader-fixes.dpatch
++ s390-sacf-fix.dpatch