[kernel] r13884 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/sparc patches/series

[Dann Frazier]

Author: dannf
Date: Mon Jul  6 04:03:07 2009
New Revision: 13884

Log:
[sparc64] Fix crash when reading /proc/iomem w/ heap memory checking
(CVE-2009-1914)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch
      - copied unchanged from r13835, dists/lenny/linux-2.6/debian/patches/bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch2

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	Mon Jul  6 01:42:08 2009	(r13883)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Mon Jul  6 04:03:07 2009	(r13884)
@@ -4,6 +4,8 @@
   * r8169: fix crash when large packets are received (CVE-2009-1389)
   * nfs4: fix MAY_EXEC handling (CVE-2009-1630)
   * cifs: fix several string conversion issues (CVE-2009-1633)
+  * [sparc64] Fix crash when reading /proc/iomem w/ heap memory checking
+    (CVE-2009-1914)
 
  -- dann frazier <dannf at debian.org>  Sat, 06 Jun 2009 09:49:28 -0600
 

Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch (from r13835, dists/lenny/linux-2.6/debian/patches/bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch	Mon Jul  6 04:03:07 2009	(r13884, copy of r13835, dists/lenny/linux-2.6/debian/patches/bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch)
@@ -0,0 +1,34 @@
+commit 192d7a4667c6d11d1a174ec4cad9a3c5d5f9043c
+Author: Mikulas Patocka <mpatocka at redhat.com>
+Date:   Wed Mar 18 23:53:16 2009 -0700
+
+    sparc64: Fix crash with /proc/iomem
+    
+    When you compile kernel on Sparc64 with heap memory checking and type
+    "cat /proc/iomem", you get a crash, because pointers in struct
+    resource are uninitialized.
+    
+    Most code fills struct resource with zeros, so I assume that it is
+    responsibility of the caller of request_resource to initialized it,
+    not the responsibility of request_resource functuion.
+    
+    After 2.6.29 is out, there could be a check for uninitialized fields
+    added to request_resource to avoid crashes like this.
+    
+    Signed-off-by: Mikulas Patocka <mpatocka at redhat.com>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/arch/sparc64/kernel/pci_common.c linux-source-2.6.26/arch/sparc64/kernel/pci_common.c
+--- linux-source-2.6.26.orig/arch/sparc64/kernel/pci_common.c	2009-05-11 12:06:56.000000000 -0600
++++ linux-source-2.6.26/arch/sparc64/kernel/pci_common.c	2009-06-09 00:05:23.000000000 -0600
+@@ -368,7 +368,7 @@ static void pci_register_iommu_region(st
+ 	const u32 *vdma = of_get_property(pbm->prom_node, "virtual-dma", NULL);
+ 
+ 	if (vdma) {
+-		struct resource *rp = kmalloc(sizeof(*rp), GFP_KERNEL);
++		struct resource *rp = kzalloc(sizeof(*rp), GFP_KERNEL);
+ 
+ 		if (!rp) {
+ 			prom_printf("Cannot allocate IOMMU resource.\n");

Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch2
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch2	Mon Jul  6 01:42:08 2009	(r13883)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch2	Mon Jul  6 04:03:07 2009	(r13884)
@@ -3,3 +3,4 @@
 + bugfix/all/nfs-v4-client-fix-MAY_EXEC-handling.patch
 + bugfix/all/cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch
 + bugfix/all/cifs-increase-size-of-tmp_buf-in-cifs_readdir-to-avoid-potential-overflows.patch
++ bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch