[kernel] r5634 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Mon Jan 30 06:15:41 UTC 2006

Author: dannf
Date: Mon Jan 30 06:15:38 2006
New Revision: 5634

Added:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/206_s390-sacf-fix.diff
Modified:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2
Log:
* [SECURITY] s390: Fix for local root exploit: Force user process back to
  home space mode in space switch event exception handler. See CAN-2004-0887.
  206_s390-sacf-fix.diff

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================

--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	Mon Jan 30 06:15:38 2006
@@ -110,7 +110,11 @@
     kernel memory.  See CAN-2005-1761.
     205_arch-ia64-ptrace-restore_sigcontext.diff
 
- -- dann frazier <dannf at debian.org>  Sun, 29 Jan 2006 21:48:00 -0700
+  * [SECURITY] s390: Fix for local root exploit: Force user process back to
+    home space mode in space switch event exception handler. See CAN-2004-0887.
+    206_s390-sacf-fix.diff
+
+ -- dann frazier <dannf at debian.org>  Sun, 29 Jan 2006 23:06:13 -0700
 
 kernel-source-2.4.27 (2.4.27-10sarge1) stable-security; urgency=high
 

Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/206_s390-sacf-fix.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/206_s390-sacf-fix.diff	Mon Jan 30 06:15:38 2006
@@ -0,0 +1,33 @@
+diff -urN kernel-source-2.4.27-2.4.27.orig/arch/s390/kernel/traps.c kernel-source-2.4.27-2.4.27/arch/s390/kernel/traps.c
+--- kernel-source-2.4.27-2.4.27.orig/arch/s390/kernel/traps.c	2002-11-28 16:53:11.000000000 -0700
++++ kernel-source-2.4.27-2.4.27/arch/s390/kernel/traps.c	2006-01-29 23:12:01.000000000 -0700
+@@ -619,6 +619,20 @@
+ 	}
+ }
+ 
++asmlinkage void space_switch_exception(struct pt_regs * regs, long int_code)
++{
++        siginfo_t info;
++
++	/* Set user psw back to home space mode. */
++	if (regs->psw.mask & PSW_MASK_PSTATE)
++		regs->psw.mask |= PSW_ASC_HOME;
++	/* Send SIGILL. */
++        info.si_signo = SIGILL;
++        info.si_errno = 0;
++        info.si_code = ILL_PRVOPC;
++        info.si_addr = get_check_address(regs);
++        do_trap(int_code, SIGILL, "space switch event", regs, &info);
++}
+ 
+ 
+ /* init is done in lowcore.S and head.S */
+@@ -643,7 +657,7 @@
+         pgm_check_table[0x13] = &special_op_exception;
+  	pgm_check_table[0x14] = &do_pseudo_page_fault;
+         pgm_check_table[0x15] = &operand_exception;
+-        pgm_check_table[0x1C] = &privileged_op;
++        pgm_check_table[0x1C] = &space_switch_exception;
+ #ifdef CONFIG_PFAULT
+ 	if (MACHINE_IS_VM) {
+ 		/* request the 0x2603 external interrupt */

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2	Mon Jan 30 06:15:38 2006
@@ -19,3 +19,4 @@
 + 203_proc_pid_cmdline_race.diff
 + 204_arch-ia64-ptrace-getregs-putregs.diff
 + 205_arch-ia64-ptrace-restore_sigcontext.diff
++ 206_s390-sacf-fix.diff

