r2988 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series
Simon Horman
horms@costa.debian.org
Thu, 14 Apr 2005 03:09:07 +0000
Author: horms
Date: 2005-04-14 03:09:06 +0000 (Thu, 14 Apr 2005)
New Revision: 2988
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/163_VM_IO.diff
Removed:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/158_fs-binfmt_elf-dos.diff.orig
Modified:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10
Log:
Updated VM_IO patch on advice from Dann Frazier
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-04-14 02:57:07 UTC (rev 2987)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-04-14 03:09:06 UTC (rev 2988)
@@ -36,8 +36,14 @@
VIA Rhine driver was releasing an irq in some error situations
(Simon Horman)
- -- Simon Horman <horms@debian.org> Thu, 14 Apr 2005 11:54:08 +0900
+ * 165_VM_IO.diff added, 140_VM_IO.diff removed:
+ [CAN-2004-1057] Updated fix for DoS from accessing freed kernel pages.
+ The previous fix seems to have cuased some problems and this
+ is the one that is upstream.
+ (Simon Horman, Dann Frazier)
+ -- Simon Horman <horms@debian.org> Thu, 14 Apr 2005 12:03:34 +0900
+
kernel-source-2.4.27 (2.4.27-9) unstable; urgency=low
* There was a stray file in 2.4.27-8. Don't include it this time.
Deleted: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/158_fs-binfmt_elf-dos.diff.orig
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/158_fs-binfmt_elf-dos.diff.orig 2005-04-14 02:57:07 UTC (rev 2987)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/158_fs-binfmt_elf-dos.diff.orig 2005-04-14 03:09:06 UTC (rev 2988)
@@ -1,110 +0,0 @@
-# origin: marcelo (BitKeeper)
-# cset: 1.1482 (2.4) key=4244930dPN44h62CZtM0P-qXoOI-7A
-# URL: http://linux.bkbits.net:8080/linux-2.4/cset@4244930dPN44h62CZtM0P-qXoOI-7A
-# inclusion: upstream
-# descrition: CAN-2005-0794: Potential DOS in load_elf_library
-# revision date: Mon, 04 Apr 2005 10:11:32 +0900
-#
-# S rset: ChangeSet|1.1481..1.1482
-# I rset: fs/binfmt_elf.c|1.40..1.41
-#
-# Key:
-# S: Skipped ChangeSet file only
-# O: Original Followed by Updated
-# U: Updated Included with updated range of versions
-# I: Included Included verbatim
-# E: Excluded Excluded on request from user
-# D: Deleted Manually deleted by subsequent user edit
-# R: Revised Manually revised by subsequent user edit
-#
-#
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# fs/binfmt_elf.c
-# 2005/03/26 00:02:40-03:00 herbert@gondor.apana.org.au +16 -13
-# CAN-2005-0794: Potential DOS in load_elf_library
-#
-# ChangeSet
-# 2005/03/25 19:39:09-03:00 marcelo@logos.cnet
-# CAN-2005-0794: Potential DOS in load_elf_library
-#
-# From: Herbert Xu <herbert@gondor.apana.org.au>
-#
-# Yichen Xie <yxie@cs.stanford.edu> points out that load_elf_library can
-# modify `elf_phdata' before freeing it.
-#
-# CAN-2005-0749 is assigned to this issue.
-#
-# Signed-off-by: Andrew Morton <akpm@osdl.org>
-# Signed-off-by: Chris Wright <chrisw@osdl.org>
-#
-#
-#
-===== fs/binfmt_elf.c 1.40 vs 1.41 =====
---- 1.40/fs/binfmt_elf.c 2005-01-11 03:57:42 +09:00
-+++ 1.41/fs/binfmt_elf.c 2005-03-26 12:02:40 +09:00
-@@ -926,6 +926,7 @@ out_free_ph:
- static int load_elf_library(struct file *file)
- {
- struct elf_phdr *elf_phdata;
-+ struct elf_phdr *eppnt;
- unsigned long elf_bss, bss, len;
- int retval, error, i, j;
- struct elfhdr elf_ex;
-@@ -949,41 +950,43 @@ static int load_elf_library(struct file
- /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
-
- error = -ENOMEM;
-- elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL);
-+ elf_phdata = kmalloc(j, GFP_KERNEL);
- if (!elf_phdata)
- goto out;
-
-+ eppnt = elf_phdata;
- error = -ENOEXEC;
-- retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, j);
-+ retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
- if (retval != j)
- goto out_free_ph;
-
- for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
-- if ((elf_phdata + i)->p_type == PT_LOAD) j++;
-+ if ((eppnt + i)->p_type == PT_LOAD) j++;
- if (j != 1)
- goto out_free_ph;
-
-- while (elf_phdata->p_type != PT_LOAD) elf_phdata++;
-+ while (elf_phdata->p_type != PT_LOAD)
-+ eppnt++;
-
- /* Now use mmap to map the library into memory. */
- down_write(¤t->mm->mmap_sem);
- error = do_mmap(file,
-- ELF_PAGESTART(elf_phdata->p_vaddr),
-- (elf_phdata->p_filesz +
-- ELF_PAGEOFFSET(elf_phdata->p_vaddr)),
-+ ELF_PAGESTART(eppnt->p_vaddr),
-+ (eppnt->p_filesz +
-+ ELF_PAGEOFFSET(eppnt->p_vaddr)),
- PROT_READ | PROT_WRITE | PROT_EXEC,
- MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
-- (elf_phdata->p_offset -
-- ELF_PAGEOFFSET(elf_phdata->p_vaddr)));
-+ (eppnt->p_offset -
-+ ELF_PAGEOFFSET(eppnt->p_vaddr)));
- up_write(¤t->mm->mmap_sem);
-- if (error != ELF_PAGESTART(elf_phdata->p_vaddr))
-+ if (error != ELF_PAGESTART(eppnt->p_vaddr))
- goto out_free_ph;
-
-- elf_bss = elf_phdata->p_vaddr + elf_phdata->p_filesz;
-+ elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
- padzero(elf_bss);
-
-- len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1);
-- bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
-+ len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1);
-+ bss = eppnt->p_memsz + eppnt->p_vaddr;
- if (bss > len) {
- down_write(¤t->mm->mmap_sem);
- do_brk(len, bss - len);
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/163_VM_IO.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/163_VM_IO.diff 2005-04-14 02:57:07 UTC (rev 2987)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/163_VM_IO.diff 2005-04-14 03:09:06 UTC (rev 2988)
@@ -0,0 +1,49 @@
+# origin: marcelo (BitKeeper)
+# cset: 1.1448.1.134 (2.4) key=4238824fdffedsyIDAkzZNeidxjirw
+# URL: http://linux.bkbits.net:8080/linux-2.4/cset@4238824fdffedsyIDAkzZNeidxjirw
+# inclusion: upstream
+# descrition: Andrea Arcangeli: get_user_pages() shall not grab PG_reserved pages
+# revision date: Thu, 14 Apr 2005 11:59:24 +0900
+#
+# S rset: ChangeSet|1.1448.1.133..1.1448.1.134
+# I rset: mm/memory.c|1.64..1.65
+#
+# Key:
+# S: Skipped ChangeSet file only
+# O: Original Followed by Updated
+# U: Updated Included with updated range of versions
+# I: Included Included verbatim
+# E: Excluded Excluded on request from user
+# D: Deleted Manually deleted by subsequent user edit
+# R: Revised Manually revised by subsequent user edit
+#
+#
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2005/03/16 12:25:52-03:00 marcelo@logos.cnet
+# Andrea Arcangeli: get_user_pages() shall not grab PG_reserved pages
+#
+# mm/memory.c
+# 2005/03/16 12:23:35-03:00 marcelo@logos.cnet +5 -3
+# Andrea Arcangeli: get_user_pages() shall not grab PG_reserved pages
+#
+#
+===== mm/memory.c 1.64 vs 1.65 =====
+--- 1.64/mm/memory.c 2005-01-11 21:43:40 +09:00
++++ 1.65/mm/memory.c 2005-03-17 00:23:35 +09:00
+@@ -499,9 +499,11 @@ int get_user_pages(struct task_struct *t
+ /* FIXME: call the correct function,
+ * depending on the type of the found page
+ */
+- if (!pages[i])
+- goto bad_page;
+- page_cache_get(pages[i]);
++ if (!pages[i] || PageReserved(pages[i])) {
++ if (pages[i] != ZERO_PAGE(start))
++ goto bad_page;
++ } else
++ page_cache_get(pages[i]);
+ }
+ if (vmas)
+ vmas[i] = vma;
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10 2005-04-14 02:57:07 UTC (rev 2987)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10 2005-04-14 03:09:06 UTC (rev 2988)
@@ -8,4 +8,6 @@
+ 160_drivers-net-sis900-oops.diff
+ 161_drivers-net-amd8111e-irq.diff
+ 162_drivers-net-via-rhine-irq.diff
+- 140_VM_IO.diff
++ 163_VM_IO.diff