[kernel] r9594 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Bastian Blank
waldi at alioth.debian.org
Tue Oct 2 09:10:50 UTC 2007
Author: waldi
Date: Tue Oct 2 09:10:49 2007
New Revision: 9594
Log:
* debian/changelog: Update.
* debian/patches/bugfix/don-t-leak-nt-bit-into-next-task-xen.patch:
Adopt to Xen changes.
* debian/patches/series/13etch4-extra: Update.
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/don-t-leak-nt-bit-into-next-task-xen.patch
- copied, changed from r8367, /dists/etch-security/linux-2.6/debian/patches/bugfix/don-t-leak-nt-bit-into-next-task.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/13etch4-extra
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog (original)
+++ dists/etch-security/linux-2.6/debian/changelog Tue Oct 2 09:10:49 2007
@@ -2,10 +2,13 @@
* bugfix/amd64-zero-extend-32bit-ptrace-xen.patch
[SECURITY] Zero extend all registers after ptrace in 32-bit entry path
- in the Xen kernels.
+ (Xen).
See CVE-2007-4573
+ * bugfix/don-t-leak-nt-bit-into-next-task-xen.patch
+ [SECURITY] Don't leak NT bit into next task (Xen).
+ See CVE-2006-5755
- -- Bastian Blank <waldi at debian.org> Tue, 02 Oct 2007 10:44:28 +0200
+ -- Bastian Blank <waldi at debian.org> Tue, 02 Oct 2007 11:09:12 +0200
linux-2.6 (2.6.18.dfsg.1-13etch3) stable-security; urgency=high
Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/don-t-leak-nt-bit-into-next-task-xen.patch (from r8367, /dists/etch-security/linux-2.6/debian/patches/bugfix/don-t-leak-nt-bit-into-next-task.patch)
==============================================================================
--- /dists/etch-security/linux-2.6/debian/patches/bugfix/don-t-leak-nt-bit-into-next-task.patch (original)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/don-t-leak-nt-bit-into-next-task-xen.patch Tue Oct 2 09:10:49 2007
@@ -1,29 +1,6 @@
-From 658fdbef66e5e9be79b457edc2cbbb3add840aa9 Mon Sep 17 00:00:00 2001
-From: Chuck Ebbert <76306.1226 at compuserve.com>
-To: linux-stable <stable at kernel.org>
-Message-ID: <200612152142_MC3-1-D531-A859 at compuserve.com>
-Date: Tue, 26 Sep 2006 10:52:41 +0200
-Subject: Don't leak NT bit into next task
-From: Andi Kleen <ak at suse.de>
-
-SYSENTER can cause a NT to be set which might cause crashes on the IRET
-in the next task.
-
-Following similar i386 patch from Linus.
-
-Signed-off-by: Andi Kleen <ak at suse.de>
-[backport from Chuck Ebbert]
-Signed-off-by: Chuck Ebbert <76306.1226 at compuserve.com>
-Signed-off-by: Chris Wright <chrisw at sous-sol.org>
----
- arch/x86_64/kernel/entry.S | 4 ++++
- arch/x86_64/kernel/setup64.c | 4 ++++
- include/asm-x86_64/system.h | 5 +++--
- 3 files changed, 11 insertions(+), 2 deletions(-)
-
---- linux-2.6.18.6.orig/arch/x86_64/kernel/entry.S
-+++ linux-2.6.18.6/arch/x86_64/kernel/entry.S
+--- linux-2.6.18.6.orig/arch/x86_64/kernel/entry-xen.S
++++ linux-2.6.18.6/arch/x86_64/kernel/entry-xen.S
@@ -146,6 +146,10 @@
/* rdi: prev */
ENTRY(ret_from_fork)
@@ -35,8 +12,8 @@
call schedule_tail
GET_THREAD_INFO(%rcx)
testl $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT),threadinfo_flags(%rcx)
---- linux-2.6.18.6.orig/arch/x86_64/kernel/setup64.c
-+++ linux-2.6.18.6/arch/x86_64/kernel/setup64.c
+--- linux-2.6.18.6.orig/arch/x86_64/kernel/setup64-xen.c
++++ linux-2.6.18.6/arch/x86_64/kernel/setup64-xen.c
@@ -178,6 +178,8 @@ void __cpuinit check_efer(void)
}
}
@@ -53,21 +30,3 @@
+
+ raw_local_save_flags(kernel_eflags);
}
---- linux-2.6.18.6.orig/include/asm-x86_64/system.h
-+++ linux-2.6.18.6/include/asm-x86_64/system.h
-@@ -14,12 +14,13 @@
- #define __RESTORE(reg,offset) "movq (14-" #offset ")*8(%%rsp),%%" #reg "\n\t"
-
- /* frame pointer must be last for get_wchan */
--#define SAVE_CONTEXT "pushq %%rbp ; movq %%rsi,%%rbp\n\t"
--#define RESTORE_CONTEXT "movq %%rbp,%%rsi ; popq %%rbp\n\t"
-+#define SAVE_CONTEXT "pushf ; pushq %%rbp ; movq %%rsi,%%rbp\n\t"
-+#define RESTORE_CONTEXT "movq %%rbp,%%rsi ; popq %%rbp ; popf\t"
-
- #define __EXTRA_CLOBBER \
- ,"rcx","rbx","rdx","r8","r9","r10","r11","r12","r13","r14","r15"
-
-+/* Save restore flags to clear handle leaking NT */
- #define switch_to(prev,next,last) \
- asm volatile(SAVE_CONTEXT \
- "movq %%rsp,%P[threadrsp](%[prev])\n\t" /* save RSP */ \
Modified: dists/etch-security/linux-2.6/debian/patches/series/13etch4-extra
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/13etch4-extra (original)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch4-extra Tue Oct 2 09:10:49 2007
@@ -1 +1,2 @@
+ bugfix/amd64-zero-extend-32bit-ptrace-xen.patch *_xen *_xen-vserver
++ bugfix/don-t-leak-nt-bit-into-next-task-xen.patch *_xen *_xen-vserver
More information about the Kernel-svn-changes
mailing list