r4120 - in dists/sid/linux-2.6/debian: . patches-debian
patches-debian/series
Simon Horman
horms at costa.debian.org
Thu Sep 1 08:03:00 UTC 2005
Author: horms
Date: 2005-09-01 08:02:59 +0000 (Thu, 01 Sep 2005)
New Revision: 4120
Added:
dists/sid/linux-2.6/debian/patches-debian/amd64-insert_vm_struct-leak.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches-debian/series/2.6.12-6
Log:
* amd64-insert_vm_struct-leak.patch
[Security] TASK_SIZE fixes for compatibility mode processes
See CAN-2005-2617
Modified: dists/sid/linux-2.6/debian/changelog
===================================================================
--- dists/sid/linux-2.6/debian/changelog 2005-09-01 07:48:03 UTC (rev 4119)
+++ dists/sid/linux-2.6/debian/changelog 2005-09-01 08:02:59 UTC (rev 4120)
@@ -36,8 +36,12 @@
- [Maybe-Security: Seems like a local DoS]
Fix SKB leak in ip6_input_finish()
- -- Simon Horman <horms at debian.org> Wed, 31 Aug 2005 18:13:58 +0900
+ * amd64-insert_vm_struct-leak.patch
+ [Security] TASK_SIZE fixes for compatibility mode processes
+ See CAN-2005-2617
+ -- Simon Horman <horms at debian.org> Thu, 1 Sep 2005 17:00:27 +0900
+
linux-2.6 (2.6.12-5) unstable; urgency=low
* Change ARM to use GCC 3.3 to avoid FTBFS errors with GCC 4
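Review bot: The new changelog entry repeats the upstream subject "TASK_SIZE fixes for compatibility mode processes", but the patch it names only adds a return-value check for insert_vm_struct() in syscall32_setup_pages(). Consider wording the entry after what the patch body describes (a vma leak during exec of a 32-bit application on amd64), and stating the impact the way the neighbouring ip6_input_finish() entry does, so that someone triaging CAN-2005-2617 from the changelog alone can tell what is covered.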
Added: dists/sid/linux-2.6/debian/patches-debian/amd64-insert_vm_struct-leak.patch
===================================================================
--- dists/sid/linux-2.6/debian/patches-debian/amd64-insert_vm_struct-leak.patch 2005-09-01 07:48:03 UTC (rev 4119)
+++ dists/sid/linux-2.6/debian/patches-debian/amd64-insert_vm_struct-leak.patch 2005-09-01 08:02:59 UTC (rev 4120)
@@ -0,0 +1,42 @@
+From: Siddha, Suresh B <suresh.b.siddha at intel.com>
+Date: Sat, 16 Jul 2005 02:17:44 +0000 (-0700)
+Subject: [PATCH] x86_64: TASK_SIZE fixes for compatibility mode processes
+X-Git-Tag: v2.6.13-rc4
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9fb1759a3102c26cd8f64254a7c3e532782c2bb8
+
+ [PATCH] x86_64: TASK_SIZE fixes for compatibility mode processes
+
+ A malicious 32bit app can have an elf section at 0xffffe000. During
+ exec of this app, we will have a memory leak as insert_vm_struct() is
+ not checking for return value in syscall32_setup_pages() and thus not
+ freeing the vma allocated for the vsyscall page.
+
+ Check the return value and free the vma incase of failure.
+
+ Signed-off-by: Suresh Siddha <suresh.b.siddha at intel.com>
+ Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/arch/x86_64/ia32/syscall32.c
++++ b/arch/x86_64/ia32/syscall32.c
+@@ -57,6 +57,7 @@ int syscall32_setup_pages(struct linux_b
+ int npages = (VSYSCALL32_END - VSYSCALL32_BASE) >> PAGE_SHIFT;
+ struct vm_area_struct *vma;
+ struct mm_struct *mm = current->mm;
++ int ret;
+
+ vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
+ if (!vma)
+@@ -78,7 +79,11 @@ int syscall32_setup_pages(struct linux_b
+ vma->vm_mm = mm;
+
+ down_write(&mm->mmap_sem);
+- insert_vm_struct(mm, vma);
++ if ((ret = insert_vm_struct(mm, vma))) {
++ up_write(&mm->mmap_sem);
++ kmem_cache_free(vm_area_cachep, vma);
++ return ret;
++ }
+ mm->total_vm += npages;
+ up_write(&mm->mmap_sem);
+ return 0;
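Review bot: The patch header carries no reference to CAN-2005-2617, which appears only in the changelog and commit log. Adding a "See CAN-2005-2617" line to the header would keep the identifier with the patch if it is later moved or re-sequenced. In the second syscall32.c hunk, the assignment folded into the condition, `if ((ret = insert_vm_struct(mm, vma)))`, would read more clearly as a separate `ret = insert_vm_struct(mm, vma);` followed by `if (ret)`, though keeping it byte-identical to the upstream commit is a fair reason to leave it. The error path itself looks right: mmap_sem is released before the vma is freed, and the function returns before `mm->total_vm += npages` is reached.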
Property changes on: dists/sid/linux-2.6/debian/patches-debian/amd64-insert_vm_struct-leak.patch
___________________________________________________________________
Name: svn:executable
+ *
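Review bot: svn:executable is being set on amd64-insert_vm_struct-leak.patch, a text patch that is listed in the series file rather than run. The property looks unintended and can be dropped with `svn propdel svn:executable` on that path.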
Modified: dists/sid/linux-2.6/debian/patches-debian/series/2.6.12-6
===================================================================
--- dists/sid/linux-2.6/debian/patches-debian/series/2.6.12-6 2005-09-01 07:48:03 UTC (rev 4119)
+++ dists/sid/linux-2.6/debian/patches-debian/series/2.6.12-6 2005-09-01 08:02:59 UTC (rev 4120)
@@ -1 +1,2 @@
+ 2.6.12.6.patch
++ amd64-insert_vm_struct-leak.patch