[kernel] r13465 - in dists/etch-security/linux-2.6.24/debian/patches: bugfix/all series
Dann Frazier
dannf at alioth.debian.org
Tue Apr 21 04:53:00 UTC 2009
Author: dannf
Date: Tue Apr 21 04:52:59 2009
New Revision: 13465
Log:
additional patch for CVE-2009-1338
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/pid-extend+fix-pid_vnr.patch
Modified:
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1
Added: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/pid-extend+fix-pid_vnr.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/pid-extend+fix-pid_vnr.patch Tue Apr 21 04:52:59 2009 (r13465)
@@ -0,0 +1,92 @@
+commit 44c4e1b2581f7273ab14ef30b6430618801c57b1
+Author: Eric W. Biederman <ebiederm at xmission.com>
+Date: Fri Feb 8 04:19:15 2008 -0800
+
+ pid: Extend/Fix pid_vnr
+
+ pid_vnr returns the user space pid with respect to the pid namespace the
+ struct pid was allocated in. What we want before we return a pid to user
+ space is the user space pid with respect to the pid namespace of current.
+
+ pid_vnr is a very nice optimization but because it isn't quite what we want
+ it is easy to use pid_vnr at times when we aren't certain the struct pid
+ was allocated in our pid namespace.
+
+ Currently this describes at least tiocgpgrp and tiocgsid in ttyio.c the
+ parent process reported in the core dumps and the parent process in
+ get_signal_to_deliver.
+
+ So unless the performance impact is huge having an interface that does what
+ we want instead of always what we want should be much more reliable and
+ much less error prone.
+
+ Signed-off-by: Eric W. Biederman <ebiederm at xmission.com>
+ Cc: Oleg Nesterov <oleg at tv-sign.ru>
+ Acked-by: Pavel Emelyanov <xemul at openvz.org>
+ Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.24.orig/include/linux/pid.h linux-source-2.6.24/include/linux/pid.h
+--- linux-source-2.6.24.orig/include/linux/pid.h 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/include/linux/pid.h 2009-04-20 21:28:24.000000000 -0600
+@@ -127,9 +127,8 @@ extern void zap_pid_ns_processes(struct
+ * the helpers to get the pid's id seen from different namespaces
+ *
+ * pid_nr() : global id, i.e. the id seen from the init namespace;
+- * pid_vnr() : virtual id, i.e. the id seen from the namespace this pid
+- * belongs to. this only makes sence when called in the
+- * context of the task that belongs to the same namespace;
++ * pid_vnr() : virtual id, i.e. the id seen from the pid namespace of
++ * current.
+ * pid_nr_ns() : id seen from the ns specified.
+ *
+ * see also task_xid_nr() etc in include/linux/sched.h
+@@ -144,14 +143,7 @@ static inline pid_t pid_nr(struct pid *p
+ }
+
+ pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns);
+-
+-static inline pid_t pid_vnr(struct pid *pid)
+-{
+- pid_t nr = 0;
+- if (pid)
+- nr = pid->numbers[pid->level].nr;
+- return nr;
+-}
++pid_t pid_vnr(struct pid *pid);
+
+ #define do_each_pid_task(pid, type, task) \
+ do { \
+diff -urpN linux-source-2.6.24.orig/include/linux/sched.h linux-source-2.6.24/include/linux/sched.h
+--- linux-source-2.6.24.orig/include/linux/sched.h 2009-04-11 14:35:47.000000000 -0600
++++ linux-source-2.6.24/include/linux/sched.h 2009-04-20 21:28:24.000000000 -0600
+@@ -1252,9 +1252,8 @@ struct pid_namespace;
+ * from various namespaces
+ *
+ * task_xid_nr() : global id, i.e. the id seen from the init namespace;
+- * task_xid_vnr() : virtual id, i.e. the id seen from the namespace the task
+- * belongs to. this only makes sence when called in the
+- * context of the task that belongs to the same namespace;
++ * task_xid_vnr() : virtual id, i.e. the id seen from the pid namespace of
++ * current.
+ * task_xid_nr_ns() : id seen from the ns specified;
+ *
+ * set_task_vxid() : assigns a virtual id to a task;
+diff -urpN linux-source-2.6.24.orig/kernel/pid.c linux-source-2.6.24/kernel/pid.c
+--- linux-source-2.6.24.orig/kernel/pid.c 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/kernel/pid.c 2009-04-20 21:28:24.000000000 -0600
+@@ -443,6 +443,12 @@ pid_t pid_nr_ns(struct pid *pid, struct
+ return nr;
+ }
+
++pid_t pid_vnr(struct pid *pid)
++{
++ return pid_nr_ns(pid, current->nsproxy->pid_ns);
++}
++EXPORT_SYMBOL_GPL(pid_vnr);
++
+ pid_t task_pid_nr_ns(struct task_struct *tsk, struct pid_namespace *ns)
+ {
+ return pid_nr_ns(task_pid(tsk), ns);
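Review bot: The new out-of-line pid_vnr in kernel/pid.c dereferences `current->nsproxy` unconditionally in `return pid_nr_ns(pid, current->nsproxy->pid_ns);`, whereas the inline it replaces in include/linux/pid.h only touched `pid` and returned 0 for a NULL pid; if any caller can reach it after the exiting task's namespaces have been detached, nsproxy may be NULL there and the new form would oops instead of returning 0, which is worth confirming against the 2.6.24 exit path before this ships. A short contract comment above the definition would make the new dependency on current explicit, e.g. `/* id of @pid as seen from current's pid namespace; requires current->nsproxy to still be attached */`. The same declaration change also turns pid_vnr from a header inline into an `EXPORT_SYMBOL_GPL` entry point, so any non-GPL module that previously compiled it inline will now fail to load against this kernel; that is presumably intended but deserves a line in the log. The remaining hunks in include/linux/sched.h change comments only.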
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1 Tue Apr 21 04:48:26 2009 (r13464)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1 Tue Apr 21 04:52:59 2009 (r13465)
@@ -81,3 +81,4 @@
+ bugfix/kvm-vmx-inhibit-EFER-access.patch
+ bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
+ bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch
++ bugfix/all/pid-extend+fix-pid_vnr.patch