r2988 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Simon Horman horms@costa.debian.org
Thu, 14 Apr 2005 03:09:07 +0000


Author: horms
Date: 2005-04-14 03:09:06 +0000 (Thu, 14 Apr 2005)
New Revision: 2988

Added:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/163_VM_IO.diff
Removed:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/158_fs-binfmt_elf-dos.diff.orig
Modified:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10
Log:
Updated VM_IO patch on advice from Dann Frazier

Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	2005-04-14 02:57:07 UTC (rev 2987)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	2005-04-14 03:09:06 UTC (rev 2988)
@@ -36,8 +36,14 @@
     VIA Rhine driver was releasing an irq in some error situations
     (Simon Horman)
 
- -- Simon Horman <horms@debian.org>  Thu, 14 Apr 2005 11:54:08 +0900
+  * 165_VM_IO.diff added, 140_VM_IO.diff removed:
+    [CAN-2004-1057] Updated fix for DoS from accessing freed kernel pages.
+    The previous fix seems to have cuased some problems and this
+    is the one that is upstream.
+    (Simon Horman, Dann Frazier)
 
+ -- Simon Horman <horms@debian.org>  Thu, 14 Apr 2005 12:03:34 +0900
+
 kernel-source-2.4.27 (2.4.27-9) unstable; urgency=low
 
   * There was a stray file in 2.4.27-8. Don't include it this time.

Deleted: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/158_fs-binfmt_elf-dos.diff.orig
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/158_fs-binfmt_elf-dos.diff.orig	2005-04-14 02:57:07 UTC (rev 2987)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/158_fs-binfmt_elf-dos.diff.orig	2005-04-14 03:09:06 UTC (rev 2988)
@@ -1,110 +0,0 @@
-# origin: marcelo (BitKeeper)
-# cset: 1.1482 (2.4) key=4244930dPN44h62CZtM0P-qXoOI-7A
-# URL: http://linux.bkbits.net:8080/linux-2.4/cset@4244930dPN44h62CZtM0P-qXoOI-7A
-# inclusion: upstream
-# descrition: CAN-2005-0794: Potential DOS in load_elf_library
-# revision date: Mon, 04 Apr 2005 10:11:32 +0900
-#
-# S rset: ChangeSet|1.1481..1.1482
-# I rset: fs/binfmt_elf.c|1.40..1.41
-#
-# Key:
-# S: Skipped  ChangeSet file only
-# O: Original Followed by Updated
-# U: Updated  Included with updated range of versions
-# I: Included Included verbatim
-# E: Excluded Excluded on request from user
-# D: Deleted  Manually deleted by subsequent user edit
-# R: Revised  Manually revised by subsequent user edit
-#
-#
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# fs/binfmt_elf.c
-#   2005/03/26 00:02:40-03:00 herbert@gondor.apana.org.au +16 -13
-#   CAN-2005-0794: Potential DOS in load_elf_library
-# 
-# ChangeSet
-#   2005/03/25 19:39:09-03:00 marcelo@logos.cnet 
-#   CAN-2005-0794: Potential DOS in load_elf_library
-#   
-#   From: Herbert Xu <herbert@gondor.apana.org.au>
-#   
-#   Yichen Xie <yxie@cs.stanford.edu> points out that load_elf_library can
-#   modify `elf_phdata' before freeing it.
-#   
-#   CAN-2005-0749 is assigned to this issue.
-#   
-#   Signed-off-by: Andrew Morton <akpm@osdl.org>
-#   Signed-off-by: Chris Wright <chrisw@osdl.org>
-#   
-# 
-#
-===== fs/binfmt_elf.c 1.40 vs 1.41 =====
---- 1.40/fs/binfmt_elf.c	2005-01-11 03:57:42 +09:00
-+++ 1.41/fs/binfmt_elf.c	2005-03-26 12:02:40 +09:00
-@@ -926,6 +926,7 @@ out_free_ph:
- static int load_elf_library(struct file *file)
- {
- 	struct elf_phdr *elf_phdata;
-+	struct elf_phdr *eppnt;
- 	unsigned long elf_bss, bss, len;
- 	int retval, error, i, j;
- 	struct elfhdr elf_ex;
-@@ -949,41 +950,43 @@ static int load_elf_library(struct file 
- 	/* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
- 
- 	error = -ENOMEM;
--	elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL);
-+	elf_phdata = kmalloc(j, GFP_KERNEL);
- 	if (!elf_phdata)
- 		goto out;
- 
-+	eppnt = elf_phdata;
- 	error = -ENOEXEC;
--	retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, j);
-+	retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
- 	if (retval != j)
- 		goto out_free_ph;
- 
- 	for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
--		if ((elf_phdata + i)->p_type == PT_LOAD) j++;
-+		if ((eppnt + i)->p_type == PT_LOAD) j++;
- 	if (j != 1)
- 		goto out_free_ph;
- 
--	while (elf_phdata->p_type != PT_LOAD) elf_phdata++;
-+	while (elf_phdata->p_type != PT_LOAD) 
-+		eppnt++;
- 
- 	/* Now use mmap to map the library into memory. */
- 	down_write(&current->mm->mmap_sem);
- 	error = do_mmap(file,
--			ELF_PAGESTART(elf_phdata->p_vaddr),
--			(elf_phdata->p_filesz +
--			 ELF_PAGEOFFSET(elf_phdata->p_vaddr)),
-+			ELF_PAGESTART(eppnt->p_vaddr),
-+			(eppnt->p_filesz +
-+			 ELF_PAGEOFFSET(eppnt->p_vaddr)),
- 			PROT_READ | PROT_WRITE | PROT_EXEC,
- 			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
--			(elf_phdata->p_offset -
--			 ELF_PAGEOFFSET(elf_phdata->p_vaddr)));
-+			(eppnt->p_offset -
-+			 ELF_PAGEOFFSET(eppnt->p_vaddr)));
- 	up_write(&current->mm->mmap_sem);
--	if (error != ELF_PAGESTART(elf_phdata->p_vaddr))
-+	if (error != ELF_PAGESTART(eppnt->p_vaddr))
- 		goto out_free_ph;
- 
--	elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz;
-+	elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
- 	padzero(elf_bss);
- 
--	len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1);
--	bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
-+	len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1);
-+	bss = eppnt->p_memsz + eppnt->p_vaddr;
- 	if (bss > len) {
- 		down_write(&current->mm->mmap_sem);
- 		do_brk(len, bss - len);

Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/163_VM_IO.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/163_VM_IO.diff	2005-04-14 02:57:07 UTC (rev 2987)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/163_VM_IO.diff	2005-04-14 03:09:06 UTC (rev 2988)
@@ -0,0 +1,49 @@
+# origin: marcelo (BitKeeper)
+# cset: 1.1448.1.134 (2.4) key=4238824fdffedsyIDAkzZNeidxjirw
+# URL: http://linux.bkbits.net:8080/linux-2.4/cset@4238824fdffedsyIDAkzZNeidxjirw
+# inclusion: upstream
+# descrition: Andrea Arcangeli: get_user_pages() shall not grab PG_reserved pages
+# revision date: Thu, 14 Apr 2005 11:59:24 +0900
+#
+# S rset: ChangeSet|1.1448.1.133..1.1448.1.134
+# I rset: mm/memory.c|1.64..1.65
+#
+# Key:
+# S: Skipped  ChangeSet file only
+# O: Original Followed by Updated
+# U: Updated  Included with updated range of versions
+# I: Included Included verbatim
+# E: Excluded Excluded on request from user
+# D: Deleted  Manually deleted by subsequent user edit
+# R: Revised  Manually revised by subsequent user edit
+#
+#
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2005/03/16 12:25:52-03:00 marcelo@logos.cnet 
+#   Andrea Arcangeli: get_user_pages() shall not grab PG_reserved pages
+# 
+# mm/memory.c
+#   2005/03/16 12:23:35-03:00 marcelo@logos.cnet +5 -3
+#   Andrea Arcangeli: get_user_pages() shall not grab PG_reserved pages
+# 
+#
+===== mm/memory.c 1.64 vs 1.65 =====
+--- 1.64/mm/memory.c	2005-01-11 21:43:40 +09:00
++++ 1.65/mm/memory.c	2005-03-17 00:23:35 +09:00
+@@ -499,9 +499,11 @@ int get_user_pages(struct task_struct *t
+ 				/* FIXME: call the correct function,
+ 				 * depending on the type of the found page
+ 				 */
+-				if (!pages[i])
+-					goto bad_page;
+-				page_cache_get(pages[i]);
++				if (!pages[i] || PageReserved(pages[i])) {
++					if (pages[i] != ZERO_PAGE(start))
++						goto bad_page;
++				} else
++					page_cache_get(pages[i]);
+ 			}
+ 			if (vmas)
+ 				vmas[i] = vma;
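Review bot: In the new `if (!pages[i] || PageReserved(pages[i]))` branch a page equal to `ZERO_PAGE(start)` is left in `pages[]` without `page_cache_get()` being called, so the array can now hold entries that carry no reference, and nothing in the hunk records that. The code that later drops the references is outside this hunk (get_user_pages starts and ends beyond it), so the contract should be stated here, e.g. `/* Reserved pages are never pinned: only ZERO_PAGE is passed through, without a reference; any other reserved or missing page goes to bad_page. */` above the test. Since the changelog ties this patch to CAN-2004-1057, a header line naming that identifier in 163_VM_IO.diff would make the fix easier to audit.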

Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10	2005-04-14 02:57:07 UTC (rev 2987)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10	2005-04-14 03:09:06 UTC (rev 2988)
@@ -8,4 +8,6 @@
 + 160_drivers-net-sis900-oops.diff
 + 161_drivers-net-amd8111e-irq.diff
 + 162_drivers-net-via-rhine-irq.diff
+- 140_VM_IO.diff   
++ 163_VM_IO.diff
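Review bot: The series file adds `+ 163_VM_IO.diff`, which matches the file this revision adds, but the changelog entry in the same commit announces `165_VM_IO.diff`, so the record of which patch carries the CAN-2004-1057 fix is inconsistent. The changelog line should read `* 163_VM_IO.diff added, 140_VM_IO.diff removed:`. The `- 140_VM_IO.diff` line also carries trailing spaces; whether the series parser tolerates them cannot be seen from this page, so trimming them is the safe choice.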