[kernel] r7782 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series

Dann Frazier dannf at alioth.debian.org
Mon Nov 13 03:15:22 UTC 2006


Author: dannf
Date: Mon Nov 13 04:15:22 2006
New Revision: 7782

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ppc-alignment-exception-table-check.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
Log:
* ppc-alignment-exception-table-check.dpatch
  [SECURITY][ppc] Avoid potential DoS which can be triggered by some
  futex ops
  See CVE-2006-5649

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Mon Nov 13 04:15:22 2006
@@ -20,8 +20,12 @@
     [SECURITY] Fix local DoS attack vector (lockups, oopses) in the
     sequence handling for /proc/net/ip6_flowlabel
     See CVE-2006-5619
+  * ppc-alignment-exception-table-check.dpatch
+    [SECURITY][ppc] Avoid potential DoS which can be triggered by some
+    futex ops
+    See CVE-2006-5649
 
- -- dann frazier <dannf at debian.org>  Sun, 12 Nov 2006 18:57:02 -0700
+ -- dann frazier <dannf at debian.org>  Sun, 12 Nov 2006 20:13:06 -0700
 
 kernel-source-2.6.8 (2.6.8-16sarge5) stable-security; urgency=high
 
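Review bot: The new changelog entry says only "potential DoS", while the entry just above it spells out the effect ("lockups, oopses"). The patch description added in this same commit calls this an oops window, so naming the effect here in the same way would keep the entries consistent and tell admins what to look for.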

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ppc-alignment-exception-table-check.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ppc-alignment-exception-table-check.dpatch	Mon Nov 13 04:15:22 2006
@@ -0,0 +1,56 @@
+From: Benjamin Herrenschmidt <benh at kernel.crashing.org>
+Date: Wed, 1 Nov 2006 04:11:39 +0000 (+1100)
+Subject: [POWERPC] Make alignment exception always check exception table
+X-Git-Tag: v2.6.19-rc5
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4393c4f6788cee65095dd838cfeca6edefbfeb52
+
+[POWERPC] Make alignment exception always check exception table
+
+The alignment exception used to only check the exception table for
+-EFAULT, not for other errors. That opens an oops window if we can
+coerce the kernel into getting an alignment exception for other reasons
+in what would normally be a user-protected accessor, which can be done
+via some of the futex ops. This fixes it by always checking the
+exception tables.
+
+Signed-off-by: Benjamin Herrenschmidt <benh at kernel.crashing.org>
+Signed-off-by: Paul Mackerras <paulus at samba.org>
+---
+
+Backported to Debian's 2.6.8 by dann frazier <dannf at debian.org>
+
+diff -urpN kernel-source-2.6.8.orig/arch/ppc/kernel/traps.c kernel-source-2.6.8/arch/ppc/kernel/traps.c
+--- kernel-source-2.6.8.orig/arch/ppc/kernel/traps.c	2006-09-06 19:09:25.000000000 -0600
++++ kernel-source-2.6.8/arch/ppc/kernel/traps.c	2006-11-12 19:14:01.900614842 -0700
+@@ -553,7 +553,7 @@ void SingleStepException(struct pt_regs 
+ 
+ void AlignmentException(struct pt_regs *regs)
+ {
+-	int fixed;
++	int sig, code, fixed = 0;
+ 
+ 	fixed = fix_alignment(regs);
+ 	if (fixed == 1) {
+@@ -562,13 +562,16 @@ void AlignmentException(struct pt_regs *
+ 	}
+ 	if (fixed == -EFAULT) {
+ 		/* fixed == -EFAULT means the operand address was bad */
+-		if (user_mode(regs))
+-			_exception(SIGSEGV, regs, SEGV_ACCERR, regs->dar);
+-		else
+-			bad_page_fault(regs, regs->dar, SIGSEGV);
+-		return;
++		sig = SIGSEGV;
++		code = SEGV_ACCERR;
++	} else {
++		sig = SIGBUS;
++		code = BUS_ADRALN;
+ 	}
+-	_exception(SIGBUS, regs, BUS_ADRALN, regs->dar);
++	if (user_mode(regs))
++		_exception(sig, regs, code, regs->dar);
++	else
++		bad_page_fault(regs, regs->dar, sig);
+ }
+ 
+ void StackOverflow(struct pt_regs *regs)
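Review bot: In the rewritten tail of AlignmentException, nothing in the code says why the user_mode(regs) test now also covers the SIGBUS/BUS_ADRALN case; the only comment left is the one about fixed == -EFAULT. The patch description gives the reason (a kernel-mode alignment fault inside a user accessor has to reach the exception table check), so a one-line comment above "if (user_mode(regs))" stating that kernel-mode faults go through bad_page_fault() for that check would keep a later cleanup from restoring the unconditional _exception() call. Separately, the "= 0" added in "int sig, code, fixed = 0;" is dead, since fixed is assigned from fix_alignment(regs) in the very next statement. The "Backported to Debian's 2.6.8" line also does not say what had to be adapted from the upstream commit; a short remark on that would help anyone re-diffing against it.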

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6	Mon Nov 13 04:15:22 2006
@@ -3,3 +3,4 @@
 + __block_prepare_write-recovery.dpatch
 + atm-clip-freed-skb-deref.dpatch
 + ip6_flowlabel-lockup.dpatch
++ ppc-alignment-exception-table-check.dpatch


