[kernel] r9594 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Bastian Blank waldi at alioth.debian.org
Tue Oct 2 09:10:50 UTC 2007 

Author: waldi
Date: Tue Oct  2 09:10:49 2007
New Revision: 9594

Log:
* debian/changelog: Update.
* debian/patches/bugfix/don-t-leak-nt-bit-into-next-task-xen.patch:
  Adopt to Xen changes.
* debian/patches/series/13etch4-extra: Update.


Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/don-t-leak-nt-bit-into-next-task-xen.patch
      - copied, changed from r8367, /dists/etch-security/linux-2.6/debian/patches/bugfix/don-t-leak-nt-bit-into-next-task.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/13etch4-extra

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Tue Oct  2 09:10:49 2007
@@ -2,10 +2,13 @@
 
   * bugfix/amd64-zero-extend-32bit-ptrace-xen.patch
     [SECURITY] Zero extend all registers after ptrace in 32-bit entry path
-    in the Xen kernels.
+    (Xen).
     See CVE-2007-4573
+  * bugfix/don-t-leak-nt-bit-into-next-task-xen.patch
+    [SECURITY] Don't leak NT bit into next task (Xen).
+    See CVE-2006-5755
 
- -- Bastian Blank <waldi at debian.org>  Tue, 02 Oct 2007 10:44:28 +0200
+ -- Bastian Blank <waldi at debian.org>  Tue, 02 Oct 2007 11:09:12 +0200
 
 linux-2.6 (2.6.18.dfsg.1-13etch3) stable-security; urgency=high
 

Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/don-t-leak-nt-bit-into-next-task-xen.patch (from r8367, /dists/etch-security/linux-2.6/debian/patches/bugfix/don-t-leak-nt-bit-into-next-task.patch)
==============================================================================
--- /dists/etch-security/linux-2.6/debian/patches/bugfix/don-t-leak-nt-bit-into-next-task.patch	(original)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/don-t-leak-nt-bit-into-next-task-xen.patch	Tue Oct  2 09:10:49 2007
@@ -1,29 +1,6 @@
-From 658fdbef66e5e9be79b457edc2cbbb3add840aa9 Mon Sep 17 00:00:00 2001
-From: Chuck Ebbert <76306.1226 at compuserve.com>
-To: linux-stable <stable at kernel.org>
-Message-ID: <200612152142_MC3-1-D531-A859 at compuserve.com>
-Date: Tue, 26 Sep 2006 10:52:41 +0200
-Subject: Don't leak NT bit into next task
 
-From: Andi Kleen <ak at suse.de>
-
-SYSENTER can cause a NT to be set which might cause crashes on the IRET
-in the next task.
-
-Following similar i386 patch from Linus.
-
-Signed-off-by: Andi Kleen <ak at suse.de>
-[backport from Chuck Ebbert]
-Signed-off-by: Chuck Ebbert <76306.1226 at compuserve.com>
-Signed-off-by: Chris Wright <chrisw at sous-sol.org>
----
- arch/x86_64/kernel/entry.S   |    4 ++++
- arch/x86_64/kernel/setup64.c |    4 ++++
- include/asm-x86_64/system.h  |    5 +++--
- 3 files changed, 11 insertions(+), 2 deletions(-)
-
---- linux-2.6.18.6.orig/arch/x86_64/kernel/entry.S
-+++ linux-2.6.18.6/arch/x86_64/kernel/entry.S
+--- linux-2.6.18.6.orig/arch/x86_64/kernel/entry-xen.S
++++ linux-2.6.18.6/arch/x86_64/kernel/entry-xen.S
 @@ -146,6 +146,10 @@
  /* rdi:	prev */	
  ENTRY(ret_from_fork)
@@ -35,8 +12,8 @@
  	call schedule_tail
  	GET_THREAD_INFO(%rcx)
  	testl $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT),threadinfo_flags(%rcx)
---- linux-2.6.18.6.orig/arch/x86_64/kernel/setup64.c
-+++ linux-2.6.18.6/arch/x86_64/kernel/setup64.c
+--- linux-2.6.18.6.orig/arch/x86_64/kernel/setup64-xen.c
++++ linux-2.6.18.6/arch/x86_64/kernel/setup64-xen.c
 @@ -178,6 +178,8 @@ void __cpuinit check_efer(void)
          }       
  }
@@ -53,21 +30,3 @@
 +
 +	raw_local_save_flags(kernel_eflags);
  }
---- linux-2.6.18.6.orig/include/asm-x86_64/system.h
-+++ linux-2.6.18.6/include/asm-x86_64/system.h
-@@ -14,12 +14,13 @@
- #define __RESTORE(reg,offset) "movq (14-" #offset ")*8(%%rsp),%%" #reg "\n\t"
- 
- /* frame pointer must be last for get_wchan */
--#define SAVE_CONTEXT    "pushq %%rbp ; movq %%rsi,%%rbp\n\t"
--#define RESTORE_CONTEXT "movq %%rbp,%%rsi ; popq %%rbp\n\t"
-+#define SAVE_CONTEXT    "pushf ; pushq %%rbp ; movq %%rsi,%%rbp\n\t"
-+#define RESTORE_CONTEXT "movq %%rbp,%%rsi ; popq %%rbp ; popf\t"
- 
- #define __EXTRA_CLOBBER  \
- 	,"rcx","rbx","rdx","r8","r9","r10","r11","r12","r13","r14","r15"
- 
-+/* Save restore flags to clear handle leaking NT */
- #define switch_to(prev,next,last) \
- 	asm volatile(SAVE_CONTEXT						    \
- 		     "movq %%rsp,%P[threadrsp](%[prev])\n\t" /* save RSP */	  \

Modified: dists/etch-security/linux-2.6/debian/patches/series/13etch4-extra
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/13etch4-extra	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch4-extra	Tue Oct  2 09:10:49 2007
@@ -1 +1,2 @@
 + bugfix/amd64-zero-extend-32bit-ptrace-xen.patch *_xen *_xen-vserver
++ bugfix/don-t-leak-nt-bit-into-next-task-xen.patch *_xen *_xen-vserver

More information about the Kernel-svn-changes mailing list