r3624 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series
Simon Horman
horms at costa.debian.org
Fri Jul 29 04:21:15 UTC 2005
Author: horms
Date: 2005-07-29 04:21:14 +0000 (Fri, 29 Jul 2005)
New Revision: 3624
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-1.diff
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-2.diff
Modified:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11
Log:
This works around an AMD Erratum by checking if the ptrace RIP is canonical. See CAN-2005-1761 and CAN-2005-1762
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-07-29 04:08:04 UTC (rev 3623)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-07-29 04:21:14 UTC (rev 3624)
@@ -3,13 +3,19 @@
* 167_arch-ia64-x86_64_execve.diff:
Race condition in the ia32 compatibility code for the execve system call
See CAN-2005-1768. (closes: #319629). (Simon Horman)
+
* 168_fs_ext3_64bit_offset.diff:
Incorrect offset checks for ext3 xattr on 64 bit architectures
can lead to a local DoS.
See CAN-2005-0757. (closes: #311164). (Simon Horman)
- -- Simon Horman <horms at debian.org> Fri, 29 Jul 2005 12:15:18 +0900
+ * 169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch,
+ 169_arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
+ This works around an AMD Erratum by checking if the ptrace RIP is canonical.
+ See CAN-2005-1761 and CAN-2005-1762 (Simon Horman)
+ -- Simon Horman <horms at debian.org> Fri, 29 Jul 2005 13:19:23 +0900
+
kernel-source-2.4.27 (2.4.27-10) unstable; urgency=low
* 155_net-bluetooth-signdness-fix.diff:
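Review bot: The new changelog entry names the two patches with a .dpatch suffix (169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch and ...-rip-2.dpatch), but the files added in this revision and the lines added to series/2.4.27-11 end in .diff, as do the neighbouring 167 and 168 entries. Rename both to .diff and end the filename list with a colon like the other entries, so the changelog matches what is actually shipped and can be searched by patch name.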
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-1.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-1.diff 2005-07-29 04:08:04 UTC (rev 3623)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-1.diff 2005-07-29 04:21:14 UTC (rev 3624)
@@ -0,0 +1,38 @@
+commit 2e7fe37125e00cf9090416345e36af80d7761e9a
+tree 59db26d5f182bd694a3a0b038507509ef3e5e8f2
+parent 1e483bdd0ac8852a53e32e09059df9788619b3e8
+author Andi Kleen <ak at suse.de> 1119964649 +0200
+committer Marcelo Tosatti <marcelo.tosatti at cyclades.com> 1120052993 -0300
+
+[PATCH] Check for canonical addresses in ptrace
+
+Check for canonical addresses in ptrace
+
+This works around a AMD bug that allows to hang the CPU by passing
+illegal addresses.
+
+Signed-off-by: Andi Kleen <ak at suse.de>
+
+I:100644 100644 c799252bfa15c376b2a894a81009bec6bbfc1f87 812961f0f1b71ae796a00bbed676330d3cea851e M arch/x86_64/kernel/ptrace.c
+
+Key:
+S: Skipped
+I: Included Included verbatim
+D: Deleted Manually deleted by subsequent user edit
+R: Revised Manually revised by subsequent user edit
+
+diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
+--- a/arch/x86_64/kernel/ptrace.c
++++ b/arch/x86_64/kernel/ptrace.c
+@@ -139,6 +139,11 @@ static int putreg(struct task_struct *ch
+ return -EIO;
+ value &= 0xffff;
+ break;
++ case offsetof(struct user_regs_struct, rip):
++ /* Check if the new RIP address is canonical */
++ if (value >= TASK_SIZE)
++ return -EIO;
++ break;
+ }
+ put_stack_long(child, regno - sizeof(struct pt_regs), value);
+ return 0;
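Review bot: In the added rip case of putreg(), the comment says the new RIP is checked for being canonical, but "if (value >= TASK_SIZE)" is a stricter test: it rejects every value at or above the user address limit, which includes canonical kernel-half addresses as well as non-canonical ones. That bound is sensible for a user-mode RIP, but the comment should state it, for example "Reject any RIP outside the user address range; this also excludes non-canonical values", so that a later reader does not relax it to a pure canonical test. The commit message body also repeats the subject line and does not identify the AMD erratum it works around; a reference there would make the workaround easier to audit.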
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-2.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-2.diff 2005-07-29 04:08:04 UTC (rev 3623)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/169_arch-x86_64-kernel-ptrace-canonical-rip-2.diff 2005-07-29 04:21:14 UTC (rev 3624)
@@ -0,0 +1,46 @@
+commit 3a36ef7ace64c507f6b087071429dbfed7d2a96d
+tree f6097f56ad699f67e1c0dca233a095ce32715bc8
+parent 2e7fe37125e00cf9090416345e36af80d7761e9a
+author Andi Kleen <ak at suse.de> 1119964697 +0200
+committer Marcelo Tosatti <marcelo.tosatti at cyclades.com> 1120053000 -0300
+
+[PATCH] Fix canonical checking for segment registers in ptrace
+
+Fix canonical checking for segment registers in ptrace
+
+This avoids a local DOS where a process could oops the kernel by
+passing bogus values to ptrace. Some versions of UML did this.
+
+Found by Alexander Nyberg
+
+Signed-off-by: Andi Kleen <ak at suse.de>
+
+I:100644 100644 812961f0f1b71ae796a00bbed676330d3cea851e edaf18bc3ae94dfbc4c0f2a26d396df1f3b90f61 M arch/x86_64/kernel/ptrace.c
+
+Key:
+S: Skipped
+I: Included Included verbatim
+D: Deleted Manually deleted by subsequent user edit
+R: Revised Manually revised by subsequent user edit
+
+diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
+--- a/arch/x86_64/kernel/ptrace.c
++++ b/arch/x86_64/kernel/ptrace.c
+@@ -114,13 +114,13 @@ static int putreg(struct task_struct *ch
+ child->thread.es = value & 0xffff;
+ return 0;
+ case offsetof(struct user_regs_struct,fs_base):
+- if (!((value >> 48) == 0 || (value >> 48) == 0xffff))
+- return -EIO;
++ if (value >= TASK_SIZE)
++ return -EIO;
+ child->thread.fs = value;
+ return 0;
+ case offsetof(struct user_regs_struct,gs_base):
+- if (!((value >> 48) == 0 || (value >> 48) == 0xffff))
+- return -EIO;
++ if (value >= TASK_SIZE)
++ return -EIO;
+ child->thread.gs = value;
+ return 0;
+ case offsetof(struct user_regs_struct, eflags):
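Review bot: The fs_base and gs_base cases now carry the same bare "if (value >= TASK_SIZE)" test with no comment, and the change in accepted values is not described. The removed test accepted an upper 16 bits of either 0 or 0xffff and looked only at bits 48-63, so it did not cover bit 47; the new test accepts only values below TASK_SIZE, which drops the 0xffff half entirely. Add a one-line comment at each case saying the base must lie in the user address range, and consider a small helper shared by the two cases so they cannot drift apart. Since the message notes that some versions of UML passed such values, it would help to say that those callers now receive -EIO.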
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11 2005-07-29 04:08:04 UTC (rev 3623)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11 2005-07-29 04:21:14 UTC (rev 3624)
@@ -1,2 +1,4 @@
+ 167_arch-ia64-x86_64_execve.diff
+ 168_fs_ext3_64bit_offset.diff
++ 169_arch-x86_64-kernel-ptrace-canonical-rip-1.diff
++ 169_arch-x86_64-kernel-ptrace-canonical-rip-2.diff