[kernel] r10532 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Feb 13 21:02:37 UTC 2008
Author: dannf
Date: Wed Feb 13 21:02:36 2008
New Revision: 10532
Log:
* [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
into address space reserved for hugetlb pages.
See CVE-2007-3739
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/prevent-stack-growth-into-hugetlb-region.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Wed Feb 13 21:02:36 2008
@@ -41,8 +41,11 @@
* isdn-net-overflow.dpatch
[SECURITY] Fix potential overflows in the ISDN subsystem
See CVE-2007-6063
+ * [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
+ into address space reserved for hugetlb pages.
+ See CVE-2007-3739
- -- dann frazier <dannf at debian.org> Fri, 08 Feb 2008 17:28:08 -0700
+ -- dann frazier <dannf at debian.org> Wed, 13 Feb 2008 14:01:28 -0700
kernel-source-2.6.8 (2.6.8-17) oldstable; urgency=high
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/prevent-stack-growth-into-hugetlb-region.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/prevent-stack-growth-into-hugetlb-region.dpatch Wed Feb 13 21:02:36 2008
@@ -0,0 +1,48 @@
+From: Adam Litke <agl at us.ibm.com>
+Date: Tue, 30 Jan 2007 22:35:39 +0000 (-0800)
+Subject: [PATCH] Don't allow the stack to grow into hugetlb reserved regions
+X-Git-Tag: v2.6.20-rc7~10
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=0d59a01bc461bbab4017ff449b8401151ef44cf6
+
+[PATCH] Don't allow the stack to grow into hugetlb reserved regions
+
+When expanding the stack, we don't currently check if the VMA will cross
+into an area of the address space that is reserved for hugetlb pages.
+Subsequent faults on the expanded portion of such a VMA will confuse the
+low-level MMU code, resulting in an OOPS. Check for this.
+
+Signed-off-by: Adam Litke <agl at us.ibm.com>
+Cc: David Gibson <david at gibson.dropbear.id.au>
+Cc: William Lee Irwin III <wli at holomorphy.com>
+Cc: Hugh Dickins <hugh at veritas.com>
+Cc: <stable at kernel.org>
+Signed-off-by: Andrew Morton <akpm at osdl.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+
+Backported to Debian's 2.6.8 by dann frazier <dannf at hp.com>
+
+diff -urpN kernel-source-2.6.8.orig/mm/mmap.c kernel-source-2.6.8/mm/mmap.c
+--- kernel-source-2.6.8.orig/mm/mmap.c 2007-05-26 02:54:40.000000000 -0600
++++ kernel-source-2.6.8/mm/mmap.c 2008-02-13 13:57:29.000000000 -0700
+@@ -1203,6 +1203,7 @@ static int acct_stack_growth(struct vm_a
+ {
+ struct mm_struct *mm = vma->vm_mm;
+ struct rlimit *rlim = current->rlim;
++ unsigned long new_start;
+
+ /* address space limit tests */
+ if (mm->total_vm + grow > rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT)
+@@ -1212,6 +1213,12 @@ static int acct_stack_growth(struct vm_a
+ if (size > rlim[RLIMIT_STACK].rlim_cur)
+ return -ENOMEM;
+
++ /* Check to ensure the stack will not grow into a hugetlb-only region */
++ new_start = (vma->vm_flags & VM_GROWSUP) ? vma->vm_start :
++ vma->vm_end - size;
++ if (is_hugepage_only_range(vma->vm_mm, new_start, size))
++ return -EFAULT;
++
+ /*
+ * Overcommit.. This must be the final test, as it will
+ * update security statistics.
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1 Wed Feb 13 21:02:36 2008
@@ -11,3 +11,4 @@
+ ext2-skip-pages-past-num-blocks.dpatch
+ minixfs-printk-hang.dpatch
+ isdn-net-overflow.dpatch
++ prevent-stack-growth-into-hugetlb-region.dpatch
More information about the Kernel-svn-changes
mailing list