[kernel] r6629 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series

Dann Frazier dannf at costa.debian.org
Sat May 20 05:49:57 UTC 2006


Author: dannf
Date: Sat May 20 05:49:54 2006
New Revision: 6629

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/amd64-fp-reg-leak-dep1.dpatch
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/amd64-fp-reg-leak-dep2.dpatch
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/amd64-fp-reg-leak-dep3.dpatch
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/amd64-fp-reg-leak.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3

Log:
* amd64-fp-reg-leak-dep[1-3].dpatch, amd64-fp-reg-leak.dpatch
  [SECURITY][amd64] Fix an information leak that allows a process to see
  a portion of the floating point state of other processes, possibly exposing
  sensitive information.
  See CVE-2006-1056

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Sat May 20 05:49:54 2006
@@ -67,8 +67,13 @@
     [SECURITY] Fix remote DoS vulnerability that allows IP fragmented
     COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic
     See CVE-2006-2272
+  * amd64-fp-reg-leak-dep[1-3].dpatch, amd64-fp-reg-leak.dpatch
+    [SECURITY][amd64] Fix an information leak that allows a process to see
+    a portion of the floating point state of other processes, possibly exposing
+    sensitive information.
+    See CVE-2006-1056
 
- -- dann frazier <dannf at debian.org>  Sat, 20 May 2006 00:32:13 -0500
+ -- dann frazier <dannf at debian.org>  Sat, 20 May 2006 00:48:15 -0500
 
 kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
 

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/amd64-fp-reg-leak-dep1.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/amd64-fp-reg-leak-dep1.dpatch	Sat May 20 05:49:54 2006
@@ -0,0 +1,128 @@
+This patch is a dependency for the CVE-2006-1055 patch. Small modification to
+ensure that it applies cleanly to the 2.6.8 kernel.
+
+Signed-off-by: Troy Heber <troyh at debian.org>
+
+
+diff-tree 7180d4fb83085fef9d24b353f5bd79cf6fd98447 (from e99286744599a66195de4cd975d7ef4d643c2789)
+Author: Jan Beulich <jbeulich at novell.com>
+Date:   Wed Jan 11 22:43:36 2006 +0100
+
+    [PATCH] x86_64: Fix 64bit FXSAVE encoding
+
+    The separation of the rex64 prefix (on fxsave/fxrstor) by way of using
+    a semicolon resulted in the prefix not always taking effect (because
+    when extended registers are needed for addressing, another rex prefix
+    would have been generated by the compiler), thus (depending on the
+    build) resulting in eventually getting 32-bit saves and/or restores.
+
+    Signed-Off-By: Jan Beulich <jbeulich at novell.com>
+    Signed-off-by: Andi Kleen <ak at suse.de>
+    Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+
+
+diff -urN start/include/asm-x86_64/i387.h x/include/asm-x86_64/i387.h
+--- start/include/asm-x86_64/i387.h	2004-08-13 23:36:58.000000000 -0600
++++ x/include/asm-x86_64/i387.h	2006-05-17 14:17:00.000000000 -0600
+@@ -76,7 +76,8 @@
+ static inline int restore_fpu_checking(struct i387_fxsave_struct *fx) 
+ { 
+ 	int err;
+-	asm volatile("1:  rex64 ; fxrstor (%[fx])\n\t"
++
++	asm volatile("1:  rex64/fxrstor (%[fx])\n\t"
+ 		     "2:\n"
+ 		     ".section .fixup,\"ax\"\n"
+ 		     "3:  movl $-1,%[err]\n"
+@@ -87,7 +88,11 @@
+ 		     "   .quad  1b,3b\n"
+ 		     ".previous"
+ 		     : [err] "=r" (err)
+-		     : [fx] "r" (fx), "0" (0)); 
++#if 0 /* See comment in __fxsave_clear() below. */
++		     : [fx] "r" (fx), "m" (*fx), "0" (0));
++#else
++		     : [fx] "cdaSDb" (fx), "m" (*fx), "0" (0));
++#endif
+ 	if (unlikely(err))
+ 		init_fpu(current);
+ 	return err;
+@@ -96,7 +101,8 @@
+ static inline int save_i387_checking(struct i387_fxsave_struct __user *fx) 
+ { 
+ 	int err;
+-	asm volatile("1:  rex64 ; fxsave (%[fx])\n\t"
++
++	asm volatile("1:  rex64/fxsave (%[fx])\n\t"
+ 		     "2:\n"
+ 		     ".section .fixup,\"ax\"\n"
+ 		     "3:  movl $-1,%[err]\n"
+@@ -106,19 +112,53 @@
+ 		     "   .align 8\n"
+ 		     "   .quad  1b,3b\n"
+ 		     ".previous"
+-		     : [err] "=r" (err)
+-		     : [fx] "r" (fx), "0" (0)); 
++		     : [err] "=r" (err), "=m" (*fx)
++#if 0 /* See comment in __fxsave_clear() below. */
++		     : [fx] "r" (fx), "0" (0));
++#else
++		     : [fx] "cdaSDb" (fx), "0" (0));
++#endif
+ 	if (unlikely(err))
+ 		__clear_user(fx, sizeof(struct i387_fxsave_struct));
+ 	return err;
+ } 
+ 
++static inline void __fxsave_clear(struct task_struct *tsk)
++{
++	/* Using "rex64; fxsave %0" is broken because, if the memory operand
++	   uses any extended registers for addressing, a second REX prefix
++	   will be generated (to the assembler, rex64 followed by semicolon
++	   is a separate instruction), and hence the 64-bitness is lost. */
++#if 0
++	/* Using "fxsaveq %0" would be the ideal choice, but is only supported
++	   starting with gas 2.16. */
++	__asm__ __volatile__("fxsaveq %0"
++			     : "=m" (tsk->thread.i387.fxsave));
++#elif 0
++	/* Using, as a workaround, the properly prefixed form below isn't
++	   accepted by any binutils version so far released, complaining that
++	   the same type of prefix is used twice if an extended register is
++	   needed for addressing (fix submitted to mainline 2005-11-21). */
++	__asm__ __volatile__("rex64/fxsave %0"
++			     : "=m" (tsk->thread.i387.fxsave));
++#else
++	/* This, however, we can work around by forcing the compiler to select
++	   an addressing mode that doesn't require extended registers. */
++	__asm__ __volatile__("rex64/fxsave %P2(%1)"
++			     : "=m" (tsk->thread.i387.fxsave)
++			     : "cdaSDb" (tsk),
++				"i" (offsetof(__typeof__(*tsk),
++					      thread.i387.fxsave)));
++#endif
++	__asm__ __volatile__("fnclex");
++}
++
+ static inline void kernel_fpu_begin(void)
+ {
+ 	struct thread_info *me = current_thread_info();
+-	if (me->status & TS_USEDFPU) { 
+-		asm volatile("rex64 ; fxsave %0 ; fnclex"
+-			      : "=m" (me->task->thread.i387.fxsave));
++	if (me->status & TS_USEDFPU) {
++		__fxsave_clear(me->task);
++
+ 		me->status &= ~TS_USEDFPU;
+ 		return;
+ 	}
+@@ -127,8 +167,7 @@
+ 
+ static inline void save_init_fpu( struct task_struct *tsk )
+ {
+-	asm volatile( "fxsave %0 ; fnclex"
+-		      : "=m" (tsk->thread.i387.fxsave));
++	__fxsave_clear(tsk);
+ 	tsk->thread_info->status &= ~TS_USEDFPU;
+ 	stts();
+ }

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/amd64-fp-reg-leak-dep2.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/amd64-fp-reg-leak-dep2.dpatch	Sat May 20 05:49:54 2006
@@ -0,0 +1,41 @@
+This patch is a dependency for the CVE-2006-1055 patch, however there was a
+hunk of it that changed another inbetween patch. I removed "Hunk #1" of the
+origional commit because it is not a direct dependency.
+
+Signed-off-by: Troy Heber <troyh at debian.org>
+
+Author: Linus Torvalds <torvalds at evo.osdl.org>
+Date:   Fri Jul 22 18:19:20 2005 -0400
+
+    x86: use alternative instructions for fnsave/fxsave too
+    
+    This one ends up using an inline asm format that claims to read memory
+    and then clobber it (rather than just write it directly), which made it
+    easier to use the existing "alternative_input()" infrastructure support.
+    
+    Now the fxsave code matches the fxrstor.
+
+diff --git a/include/asm-i386/i387.h b/include/asm-i386/i387.h
+index e678609..6747006 100644
+--- a/include/asm-i386/i387.h
++++ b/include/asm-i386/i387.h
+@@ -43,13 +43,12 @@ extern void kernel_fpu_begin(void);
+  */
+ static inline void __save_init_fpu( struct task_struct *tsk )
+ {
+-	if ( cpu_has_fxsr ) {
+-		asm volatile( "fxsave %0 ; fnclex"
+-			      : "=m" (tsk->thread.i387.fxsave) );
+-	} else {
+-		asm volatile( "fnsave %0 ; fwait"
+-			      : "=m" (tsk->thread.i387.fsave) );
+-	}
++	alternative_input(
++		"fnsave %1 ; fwait ;" GENERIC_NOP2,
++		"fxsave %1 ; fnclex",
++		X86_FEATURE_FXSR,
++		"m" (tsk->thread.i387.fxsave)
++		:"memory");
+ 	tsk->thread_info->status &= ~TS_USEDFPU;
+ }
+ 

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/amd64-fp-reg-leak-dep3.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/amd64-fp-reg-leak-dep3.dpatch	Sat May 20 05:49:54 2006
@@ -0,0 +1,21 @@
+diff -urN orig/include/asm-x86_64/system.h work/include/asm-x86_64/system.h
+--- orig/include/asm-x86_64/system.h	2004-08-13 23:37:38.000000000 -0600
++++ work/include/asm-x86_64/system.h	2006-05-17 20:27:51.000000000 -0600
+@@ -123,7 +123,7 @@
+  * If you use variable sized constraints like "m" or "g" in the 
+  * replacement maake sure to pad to the worst case length.
+  */
+-#define alternative_input(oldinstr, newinstr, feature, input)		\
++#define alternative_input(oldinstr, newinstr, feature, input...)	\
+ 	asm volatile ("661:\n\t" oldinstr "\n662:\n"			\
+ 		      ".section .altinstructions,\"a\"\n"		\
+ 		      "  .align 8\n"					\
+@@ -135,7 +135,7 @@
+ 		      ".previous\n"					\
+ 		      ".section .altinstr_replacement,\"ax\"\n"		\
+ 		      "663:\n\t" newinstr "\n664:\n"   /* replacement */ \
+-		      ".previous" :: "i" (feature), input)
++		      ".previous" :: "i" (feature), ##input)
+ 
+ /*
+  * Clear and set 'TS' bit respectively

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/amd64-fp-reg-leak.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/amd64-fp-reg-leak.dpatch	Sat May 20 05:49:54 2006
@@ -0,0 +1,233 @@
+This is the patch for CVE-2006-1055 Sarge 2.6.8, there are two dependencies for
+this patch. This patch is slightly different fromt he origional upstream because
+it also resolves the bug that introduced by the origional upstream patch. 
+
+commit 6584014ec33ed34c5bf6c5af20a0951069bea7a9
+Author: Chuck Ebbert <76306.1226 at compuserve.com>
+Date:   Sat Apr 29 14:07:49 2006 -0400
+
+    [PATCH] i386: fix broken FP exception handling
+
+    The FXSAVE information leak patch introduced a bug in FP exception
+    handling: it clears FP exceptions only when there are already
+    none outstanding.  Mikael Pettersson reported that causes problems
+    with the Erlang runtime and has tested this fix.
+
+    Signed-off-by: Chuck Ebbert <76306.1226 at compuserve.com>
+    Acked-by: Mikael Pettersson <mikpe at it.uu.se>
+    Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+
+Signed-off-by: Troy Heber <troyh at hp.com>
+
+diff-tree 7466f9e72dac13452d871a3fb72fc7bd9c93c864 (from aa48603d1ba772d0a2b28ab73098be2119878eba)
+Author: Andi Kleen <ak at suse.de>
+Date:   Wed Apr 19 07:17:31 2006 +0200
+
+    [PATCH] i386/x86-64: Fix x87 information leak between processes (CVE-2006-1056)
+    
+    AMD K7/K8 CPUs only save/restore the FOP/FIP/FDP x87 registers in FXSAVE
+    when an exception is pending.  This means the value leak through context
+    switches and allow processes to observe some x87 instruction state of
+    other processes.
+    
+    This was actually documented by AMD, but nobody recognized it as being
+    different from Intel before.
+    
+    The fix first adds an optimization: instead of unconditionally calling
+    FNCLEX after each FXSAVE test if ES is pending and skip it when not
+    needed. Then do a x87 load from a kernel variable to clear FOP/FIP/FDP.
+    
+    This means other processes always will only see a constant value defined
+    by the kernel in their FP state.
+    
+    I took some pain to make sure to chose a variable that's already in L1
+    during context switch to make the overhead of this low.
+    
+    Also alternative() is used to patch away the new code on CPUs who don't
+    need it.
+    
+    Patch for both i386/x86-64.
+    
+    The problem was discovered originally by Jan Beulich. Richard Brunner
+    provided the basic code for the workarounds, with contribution from Jan.
+    
+    This is CVE-2006-1056
+    
+    Cc: richard.brunner at amd.com
+    Cc: jbeulich at novell.com
+    Signed-off-by: Andi Kleen <ak at suse.de>
+    Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+
+diff -urN start/arch/i386/kernel/cpu/amd.c work/arch/i386/kernel/cpu/amd.c
+--- start/arch/i386/kernel/cpu/amd.c	2004-08-13 23:38:04.000000000 -0600
++++ work/arch/i386/kernel/cpu/amd.c	2006-05-17 16:08:02.000000000 -0600
+@@ -186,6 +186,8 @@
+ 		set_bit(X86_FEATURE_K7, c->x86_capability); 
+ 		break;
+ 	}
++	if (c->x86 >= 6)
++		set_bit(X86_FEATURE_FXSAVE_LEAK, c->x86_capability);
+ 
+ 	display_cacheinfo(c);
+ }
+diff -urN start/arch/x86_64/kernel/process.c work/arch/x86_64/kernel/process.c
+--- start/arch/x86_64/kernel/process.c	2006-02-08 22:55:59.000000000 -0700
++++ work/arch/x86_64/kernel/process.c	2006-05-17 16:09:50.000000000 -0600
+@@ -411,8 +411,6 @@
+ 	int cpu = smp_processor_id();  
+ 	struct tss_struct *tss = &per_cpu(init_tss, cpu);
+ 
+-	unlazy_fpu(prev_p);
+-
+ 	/*
+ 	 * Reload esp0, LDT and the page table pointer:
+ 	 */
+@@ -475,6 +473,12 @@
+ 	prev->userrsp = read_pda(oldrsp); 
+ 	write_pda(oldrsp, next->userrsp); 
+ 	write_pda(pcurrent, next_p); 
++
++	/* This must be here to ensure both math_state_restore() and
++	   kernel_fpu_begin() work consistently.
++	   And the AMD workaround requires it to be after DS reload. */
++	unlazy_fpu(prev_p);
++
+ 	write_pda(kernelstack, (unsigned long)next_p->thread_info + THREAD_SIZE - PDA_STACKOFFSET);
+ 
+ 	/*
+diff -urN start/arch/x86_64/kernel/setup.c work/arch/x86_64/kernel/setup.c
+--- start/arch/x86_64/kernel/setup.c	2006-02-08 22:55:58.000000000 -0700
++++ work/arch/x86_64/kernel/setup.c	2006-05-17 16:08:02.000000000 -0600
+@@ -668,6 +668,10 @@
+ 	if ((level >= 0x0f48 && level < 0x0f50) || level >= 0x0f58)
+ 		set_bit(X86_FEATURE_K8_C, &c->x86_capability);
+ 
++	/* Enable workaround for FXSAVE leak */
++	if (c->x86 >= 6)
++		set_bit(X86_FEATURE_FXSAVE_LEAK, &c->x86_capability);
++
+ 	r = get_model_name(c);
+ 	if (!r) { 
+ 		switch (c->x86) { 
+diff -urN start/include/asm-i386/cpufeature.h work/include/asm-i386/cpufeature.h
+--- start/include/asm-i386/cpufeature.h	2004-08-13 23:37:30.000000000 -0600
++++ work/include/asm-i386/cpufeature.h	2006-05-17 16:12:10.000000000 -0600
+@@ -69,6 +69,7 @@
+ #define X86_FEATURE_K7		(3*32+ 5) /* Athlon */
+ #define X86_FEATURE_P3		(3*32+ 6) /* P3 */
+ #define X86_FEATURE_P4		(3*32+ 7) /* P4 */
++#define X86_FEATURE_FXSAVE_LEAK (3*32+10) /* FXSAVE leaks FOP/FIP/FOP */
+ 
+ /* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */
+ #define X86_FEATURE_EST		(4*32+ 7) /* Enhanced SpeedStep */
+diff -urN start/include/asm-i386/i387.h work/include/asm-i386/i387.h
+--- start/include/asm-i386/i387.h	2006-05-17 15:59:34.000000000 -0600
++++ work/include/asm-i386/i387.h	2006-05-17 16:16:23.000000000 -0600
+@@ -13,6 +13,7 @@
+ 
+ #include <linux/sched.h>
+ #include <linux/init.h>
++#include <linux/kernel_stat.h>
+ #include <asm/processor.h>
+ #include <asm/sigcontext.h>
+ #include <asm/user.h>
+@@ -28,17 +29,38 @@
+ extern void kernel_fpu_begin(void);
+ #define kernel_fpu_end() do { stts(); preempt_enable(); } while(0)
+ 
++/* We need a safe address that is cheap to find and that is already
++   in L1 during context switch. The best choices are unfortunately
++   different for UP and SMP */
++#ifdef CONFIG_SMP
++#define safe_address (__per_cpu_offset[0])
++#else
++#define safe_address (kstat_cpu(0).cpustat.user)
++#endif
++
+ /*
+  * These must be called with preempt disabled
+  */
+ static inline void __save_init_fpu( struct task_struct *tsk )
+ {
++	/* Use more nops than strictly needed in case the compiler
++	   varies code */
+ 	alternative_input(
+-		"fnsave %1 ; fwait ;" GENERIC_NOP2,
+-		"fxsave %1 ; fnclex",
++		"fnsave %[fx] ;fwait;" GENERIC_NOP8 GENERIC_NOP4,
++		"fxsave %[fx]\n"
++		"bt $7,%[fsw] ; jnc 1f ; fnclex\n1:",			
+ 		X86_FEATURE_FXSR,
+-		"m" (tsk->thread.i387.fxsave)
+-		:"memory");
++		[fx] "m" (tsk->thread.i387.fxsave),
++		[fsw] "m" (tsk->thread.i387.fxsave.swd) : "memory");
++	/* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception
++	   is pending.  Clear the x87 state here by setting it to fixed
++   	   values. safe_address is a random variable that should be in L1 */
++	alternative_input(
++		GENERIC_NOP8 GENERIC_NOP2,
++		"emms\n\t"	  	/* clear stack tags */
++		"fildl %[addr]", 	/* set F?P to defined value */
++		X86_FEATURE_FXSAVE_LEAK,
++		[addr] "m" (safe_address));
+ 	tsk->thread_info->status &= ~TS_USEDFPU;
+ }
+ 
+diff -urN start/include/asm-x86_64/cpufeature.h work/include/asm-x86_64/cpufeature.h
+--- start/include/asm-x86_64/cpufeature.h	2004-08-13 23:36:59.000000000 -0600
++++ work/include/asm-x86_64/cpufeature.h	2006-05-17 16:17:11.000000000 -0600
+@@ -61,6 +61,7 @@
+ #define X86_FEATURE_CYRIX_ARR	(3*32+ 2) /* Cyrix ARRs (= MTRRs) */
+ #define X86_FEATURE_CENTAUR_MCR	(3*32+ 3) /* Centaur MCRs (= MTRRs) */
+ #define X86_FEATURE_K8_C	(3*32+ 4) /* C stepping K8 */
++#define X86_FEATURE_FXSAVE_LEAK (3*32+7)  /* FIP/FOP/FDP leaks through FXSAVE */
+ 
+ /* Intel-defined CPU features, CPUID level 0x00000001 (ecx), word 4 */
+ #define X86_FEATURE_EST		(4*32+ 7) /* Enhanced SpeedStep */
+diff -urN start/include/asm-x86_64/i387.h work/include/asm-x86_64/i387.h
+--- start/include/asm-x86_64/i387.h	2006-05-17 15:59:31.000000000 -0600
++++ work/include/asm-x86_64/i387.h	2006-05-17 16:08:02.000000000 -0600
+@@ -73,6 +73,23 @@
+ #define set_fpu_swd(t,val) ((t)->thread.i387.fxsave.swd = (val))
+ #define set_fpu_fxsr_twd(t,val) ((t)->thread.i387.fxsave.twd = (val))
+ 
++#define X87_FSW_ES (1 << 7)	/* Exception Summary */
++
++/* AMD CPUs don't save/restore FDP/FIP/FOP unless an exception
++   is pending. Clear the x87 state here by setting it to fixed
++   values. The kernel data segment can be sometimes 0 and sometimes
++   new user value. Both should be ok.
++   Use the PDA as safe address because it should be already in L1. */
++static inline void clear_fpu_state(struct i387_fxsave_struct *fx)
++{
++	if (unlikely(fx->swd & X87_FSW_ES))
++		 asm volatile("fnclex");
++	alternative_input(ASM_NOP8 ASM_NOP2,
++	     	     "    emms\n"		/* clear stack tags */
++	     	     "    fildl %%gs:0",	/* load to clear state */
++		     X86_FEATURE_FXSAVE_LEAK);
++}
++
+ static inline int restore_fpu_checking(struct i387_fxsave_struct *fx) 
+ { 
+ 	int err;
+@@ -120,6 +137,7 @@
+ #endif
+ 	if (unlikely(err))
+ 		__clear_user(fx, sizeof(struct i387_fxsave_struct));
++	/* No need to clear here because the caller clears USED_MATH */
+ 	return err;
+ } 
+ 
+@@ -150,7 +168,7 @@
+ 				"i" (offsetof(__typeof__(*tsk),
+ 					      thread.i387.fxsave)));
+ #endif
+-	__asm__ __volatile__("fnclex");
++	clear_fpu_state(&tsk->thread.i387.fxsave);
+ }
+ 
+ static inline void kernel_fpu_begin(void)

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	Sat May 20 05:49:54 2006
@@ -16,3 +16,7 @@
 + mcast-ip-route-null-deref.dpatch
 + sctp-fragment-recurse.dpatch
 + sctp-fragmented-receive-fix.dpatch
++ amd64-fp-reg-leak-dep1.dpatch
++ amd64-fp-reg-leak-dep2.dpatch
++ amd64-fp-reg-leak-dep3.dpatch
++ amd64-fp-reg-leak.dpatch
\ No newline at end of file



More information about the Kernel-svn-changes mailing list