r3624 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Simon Horman horms at costa.debian.org
Fri Jul 29 04:21:15 UTC 2005


Author: horms
Date: 2005-07-29 04:21:14 +0000 (Fri, 29 Jul 2005)
New Revision: 3624

Added:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-1.diff
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-2.diff
Modified:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11
Log:
This works around an AMD Erratum by checking if the ptrace RIP is canonical. See CAN-2005-1761 and CAN-2005-1762

Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	2005-07-29 04:08:04 UTC (rev 3623)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	2005-07-29 04:21:14 UTC (rev 3624)
@@ -3,13 +3,19 @@
   * 167_arch-ia64-x86_64_execve.diff:
      Race condition in the ia32 compatibility code for the execve system call
      See CAN-2005-1768. (closes: #319629). (Simon Horman)
+
   * 168_fs_ext3_64bit_offset.diff:
     Incorrect offset checks for ext3 xattr on 64 bit architectures
     can lead to a local DoS.
     See CAN-2005-0757. (closes: #311164). (Simon Horman)
 
- -- Simon Horman <horms at debian.org>  Fri, 29 Jul 2005 12:15:18 +0900
+  * 169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch,
+    169_arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
+    This works around an AMD Erratum by checking if the ptrace RIP is canonical.
+    See CAN-2005-1761 and CAN-2005-1762 (Simon Horman)
 
+ -- Simon Horman <horms at debian.org>  Fri, 29 Jul 2005 13:19:23 +0900
+
 kernel-source-2.4.27 (2.4.27-10) unstable; urgency=low
 
   * 155_net-bluetooth-signdness-fix.diff:
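Review bot: the new changelog entry names the patches `169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch` and `-2.dpatch`, but the files added in this revision and listed in `series/2.4.27-11` are `.diff`; make the changelog match the shipped names. The entry also breaks the style of the 167 and 168 entries next to it: the filename line should end with a colon and the description with a period, e.g. `169_arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch:` / `See CAN-2005-1761 and CAN-2005-1762. (Simon Horman)`.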

Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-1.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-1.diff	2005-07-29 04:08:04 UTC (rev 3623)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-1.diff	2005-07-29 04:21:14 UTC (rev 3624)
@@ -0,0 +1,38 @@
+commit 2e7fe37125e00cf9090416345e36af80d7761e9a
+tree 59db26d5f182bd694a3a0b038507509ef3e5e8f2
+parent 1e483bdd0ac8852a53e32e09059df9788619b3e8
+author Andi Kleen <ak at suse.de> 1119964649 +0200
+committer Marcelo Tosatti <marcelo.tosatti at cyclades.com> 1120052993 -0300
+
+[PATCH] Check for canonical addresses in ptrace
+
+Check for canonical addresses in ptrace
+
+This works around a AMD bug that allows to hang the CPU by passing
+illegal addresses.
+
+Signed-off-by: Andi Kleen <ak at suse.de>
+
+I:100644 100644 c799252bfa15c376b2a894a81009bec6bbfc1f87 812961f0f1b71ae796a00bbed676330d3cea851e M	arch/x86_64/kernel/ptrace.c
+
+Key:
+S: Skipped
+I: Included Included verbatim
+D: Deleted  Manually deleted by subsequent user edit
+R: Revised  Manually revised by subsequent user edit
+
+diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
+--- a/arch/x86_64/kernel/ptrace.c
++++ b/arch/x86_64/kernel/ptrace.c
+@@ -139,6 +139,11 @@ static int putreg(struct task_struct *ch
+ 				return -EIO;
+ 			value &= 0xffff;
+             break;
++		case offsetof(struct user_regs_struct, rip):
++			/* Check if the new RIP address is canonical */
++			if (value >= TASK_SIZE)
++				return -EIO;
++			break;
+ 	}      
+ 	put_stack_long(child, regno - sizeof(struct pt_regs), value);
+ 	return 0;
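Review bot: the new `case offsetof(struct user_regs_struct, rip):` rejects every `value >= TASK_SIZE`, which is stricter than the canonical-form test the commit message and the comment `/* Check if the new RIP address is canonical */` describe: it also refuses the upper canonical half, which is what a user-space RIP set through ptrace should never point at, so the bound is correct but the comment is not. Reword it to say the RIP is restricted to user space, otherwise a later reader may relax it back to a pure canonical check and lose the kernel-address rejection. The `break;` context line just above the new case is space-indented while the surrounding lines use tabs; worth not carrying that into the patch if it is re-rolled against the 2.4.27 tree.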

Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-2.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-2.diff	2005-07-29 04:08:04 UTC (rev 3623)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-2.diff	2005-07-29 04:21:14 UTC (rev 3624)
@@ -0,0 +1,46 @@
+commit 3a36ef7ace64c507f6b087071429dbfed7d2a96d
+tree f6097f56ad699f67e1c0dca233a095ce32715bc8
+parent 2e7fe37125e00cf9090416345e36af80d7761e9a
+author Andi Kleen <ak at suse.de> 1119964697 +0200
+committer Marcelo Tosatti <marcelo.tosatti at cyclades.com> 1120053000 -0300
+
+[PATCH] Fix canonical checking for segment registers in ptrace
+
+Fix canonical checking for segment registers in ptrace
+
+This avoids a local DOS where a process could oops the kernel by
+passing bogus values to ptrace. Some versions of UML did this.
+
+Found by Alexander Nyberg
+
+Signed-off-by: Andi Kleen <ak at suse.de>
+
+I:100644 100644 812961f0f1b71ae796a00bbed676330d3cea851e edaf18bc3ae94dfbc4c0f2a26d396df1f3b90f61 M	arch/x86_64/kernel/ptrace.c
+
+Key:
+S: Skipped
+I: Included Included verbatim
+D: Deleted  Manually deleted by subsequent user edit
+R: Revised  Manually revised by subsequent user edit
+
+diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
+--- a/arch/x86_64/kernel/ptrace.c
++++ b/arch/x86_64/kernel/ptrace.c
+@@ -114,13 +114,13 @@ static int putreg(struct task_struct *ch
+ 			child->thread.es = value & 0xffff;
+ 			return 0;
+ 		case offsetof(struct user_regs_struct,fs_base):
+-			if (!((value >> 48) == 0 || (value >> 48) == 0xffff))
+-				return -EIO; 
++			if (value >= TASK_SIZE)
++				return -EIO;
+ 			child->thread.fs = value;
+ 			return 0;
+ 		case offsetof(struct user_regs_struct,gs_base):
+-			if (!((value >> 48) == 0 || (value >> 48) == 0xffff))
+-				return -EIO; 
++			if (value >= TASK_SIZE)
++				return -EIO;
+ 			child->thread.gs = value;
+ 			return 0;
+ 		case offsetof(struct user_regs_struct, eflags):
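Review bot: the removed test `!((value >> 48) == 0 || (value >> 48) == 0xffff)` accepted both canonical halves, so a value with bits 48..63 all set (a kernel-half address) passed and could be installed as the traced child's fs or gs base; the replacement `value >= TASK_SIZE` rejects that and uses the same bound as the RIP check in the companion `-1` patch, which is the consistency you want. Two minor points: the removed lines carried trailing whitespace after `-EIO; ` that the new lines correctly drop, and the subject says "segment registers" while the fields actually changed are `fs_base` and `gs_base`, so the changelog entry for this patch should say "fs/gs base" to match what the code touches.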

Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11	2005-07-29 04:08:04 UTC (rev 3623)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11	2005-07-29 04:21:14 UTC (rev 3624)
@@ -1,2 +1,4 @@
 + 167_arch-ia64-x86_64_execve.diff
 + 168_fs_ext3_64bit_offset.diff
++ 169_arch-x86_64-kernel-ptrace-canonical-rip-1.diff
++ 169_arch-x86_64-kernel-ptrace-canonical-rip-2.diff
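Review bot: the two entries are in the right order, since the second patch's `parent 2e7fe37125e00cf9090416345e36af80d7761e9a` is the commit id of the first, and the `-2` hunk's context (`value >= TASK_SIZE` style) assumes `-1` is already applied; the names also match the files added in this revision, so the only outstanding mismatch is with the `.dpatch` spelling in the changelog.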



