r4120 - in dists/sid/linux-2.6/debian: . patches-debian patches-debian/series

Simon Horman horms at costa.debian.org
Thu Sep 1 08:03:00 UTC 2005


Author: horms
Date: 2005-09-01 08:02:59 +0000 (Thu, 01 Sep 2005)
New Revision: 4120

Added:
   dists/sid/linux-2.6/debian/patches-debian/amd64-insert_vm_struct-leak.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches-debian/series/2.6.12-6
Log:
  * amd64-insert_vm_struct-leak.patch
    [Security] TASK_SIZE fixes for compatibility mode processes
    See CAN-2005-2617


Modified: dists/sid/linux-2.6/debian/changelog
===================================================================
--- dists/sid/linux-2.6/debian/changelog	2005-09-01 07:48:03 UTC (rev 4119)
+++ dists/sid/linux-2.6/debian/changelog	2005-09-01 08:02:59 UTC (rev 4120)
@@ -36,8 +36,12 @@
     - [Maybe-Security: Seems like a local DoS]
       Fix SKB leak in ip6_input_finish()
 
- -- Simon Horman <horms at debian.org>  Wed, 31 Aug 2005 18:13:58 +0900
+  * amd64-insert_vm_struct-leak.patch
+    [Security] TASK_SIZE fixes for compatibility mode processes
+    See CAN-2005-2617
 
+ -- Simon Horman <horms at debian.org>  Thu,  1 Sep 2005 17:00:27 +0900
+
 linux-2.6 (2.6.12-5) unstable; urgency=low
 
   * Change ARM to use GCC 3.3 to avoid FTBFS errors with GCC 4
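Review bot: The new changelog entry repeats the upstream subject ("TASK_SIZE fixes for compatibility mode processes") but does not say what is being fixed, whereas the entry just above it names the defect ("Fix SKB leak in ip6_input_finish()"). Suggest adding a line in the same style, for example "Fix vma leak in syscall32_setup_pages() when insert_vm_struct() fails", so readers of the changelog can match the entry to the patch file name and to the CAN reference.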

Added: dists/sid/linux-2.6/debian/patches-debian/amd64-insert_vm_struct-leak.patch
===================================================================
--- dists/sid/linux-2.6/debian/patches-debian/amd64-insert_vm_struct-leak.patch	2005-09-01 07:48:03 UTC (rev 4119)
+++ dists/sid/linux-2.6/debian/patches-debian/amd64-insert_vm_struct-leak.patch	2005-09-01 08:02:59 UTC (rev 4120)
@@ -0,0 +1,42 @@
+From: Siddha, Suresh B <suresh.b.siddha at intel.com>
+Date: Sat, 16 Jul 2005 02:17:44 +0000 (-0700)
+Subject: [PATCH] x86_64: TASK_SIZE fixes for compatibility mode processes
+X-Git-Tag: v2.6.13-rc4
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9fb1759a3102c26cd8f64254a7c3e532782c2bb8
+
+  [PATCH] x86_64: TASK_SIZE fixes for compatibility mode processes
+  
+  A malicious 32bit app can have an elf section at 0xffffe000.  During
+  exec of this app, we will have a memory leak as insert_vm_struct() is
+  not checking for return value in syscall32_setup_pages() and thus not
+  freeing the vma allocated for the vsyscall page.
+  
+  Check the return value and free the vma incase of failure.
+  
+  Signed-off-by: Suresh Siddha <suresh.b.siddha at intel.com>
+  Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/arch/x86_64/ia32/syscall32.c
++++ b/arch/x86_64/ia32/syscall32.c
+@@ -57,6 +57,7 @@ int syscall32_setup_pages(struct linux_b
+ 	int npages = (VSYSCALL32_END - VSYSCALL32_BASE) >> PAGE_SHIFT;
+ 	struct vm_area_struct *vma;
+ 	struct mm_struct *mm = current->mm;
++	int ret;
+ 
+ 	vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
+ 	if (!vma)
+@@ -78,7 +79,11 @@ int syscall32_setup_pages(struct linux_b
+ 	vma->vm_mm = mm;
+ 
+ 	down_write(&mm->mmap_sem);
+-	insert_vm_struct(mm, vma);
++	if ((ret = insert_vm_struct(mm, vma))) {
++		up_write(&mm->mmap_sem);
++		kmem_cache_free(vm_area_cachep, vma);
++		return ret;
++	}
+ 	mm->total_vm += npages;
+ 	up_write(&mm->mmap_sem);
+ 	return 0;
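Review bot: The `return ret` added in the second syscall32.c hunk only helps if whatever calls syscall32_setup_pages() checks its return value; the caller is not part of this patch, so please confirm that in the 2.6.12 tree this series applies to. The error path itself drops mmap_sem before freeing the vma, which is the right order. Separately, the header's Subject says "TASK_SIZE fixes" while the diff carried here changes only the insert_vm_struct() call; if this is a subset of the upstream commit, a one-line note in the patch header saying so would avoid confusion later.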


Property changes on: dists/sid/linux-2.6/debian/patches-debian/amd64-insert_vm_struct-leak.patch
___________________________________________________________________
Name: svn:executable
   + *
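Review bot: svn:executable is being set on amd64-insert_vm_struct-leak.patch, which is a patch that the series file applies and is never run directly. Suggest removing the property (svn propdel svn:executable) so the file mode does not carry into the source package.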

Modified: dists/sid/linux-2.6/debian/patches-debian/series/2.6.12-6
===================================================================
--- dists/sid/linux-2.6/debian/patches-debian/series/2.6.12-6	2005-09-01 07:48:03 UTC (rev 4119)
+++ dists/sid/linux-2.6/debian/patches-debian/series/2.6.12-6	2005-09-01 08:02:59 UTC (rev 4120)
@@ -1 +1,2 @@
 + 2.6.12.6.patch
++ amd64-insert_vm_struct-leak.patch



