[kernel] r12966 - in dists/etch-security/linux-2.6/debian/patches: bugfix/all/CVE-2009-0029 series

Tue Mar 3 06:32:30 UTC 2009

Author: dannf
Date: Tue Mar  3 06:32:29 2009
New Revision: 12966

Log:
additional mips fixes for CVE-2009-0029

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/mips-finish-fixing-CVE-2009-0029.patch
      - copied unchanged from r12952, /dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/mips-finish-fixing-CVE-2009-0029.patch
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/mips-wire-up-o32-syscall-to-the-right-function.patch
      - copied, changed from r12952, /dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/mips-wire-up-o32-syscall-to-the-right-function.patch
Modified:
   dists/etch-security/linux-2.6/debian/patches/series/24etch1

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch
==============================================================================

--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch	Tue Mar  3 06:32:29 2009
@@ -0,0 +1,77 @@
+commit 8213bbf9c1c0009872a3278aa7a83ec8f3508195
+Author: Ralf Baechle <ralf at linux-mips.org>
+Date:   Sun Jul 20 13:16:46 2008 +0100
+
+    [MIPS] Rename MIPS sys_pipe syscall entry point to something MIPS-specific.
+    
+    Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
+
+Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at debian.org>
+
+diff -urpN a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S
+--- a/arch/mips/kernel/scall32-o32.S	2009-03-01 21:21:31.000000000 -0700
++++ b/arch/mips/kernel/scall32-o32.S	2009-03-01 21:34:50.000000000 -0700
+@@ -377,7 +377,7 @@ einval:	li	v0, -EINVAL
+ 	sys	sys_mkdir		2
+ 	sys	sys_rmdir		1	/* 4040 */
+ 	sys	sys_dup			1
+-	sys	sys_pipe		0
++	sys	sysm_pipe		0
+ 	sys	sys_times		1
+ 	sys	sys_ni_syscall		0
+ 	sys	sys_brk			1	/* 4045 */
+diff -urpN a/arch/mips/kernel/scall64-64.S b/arch/mips/kernel/scall64-64.S
+--- a/arch/mips/kernel/scall64-64.S	2006-09-19 21:42:06.000000000 -0600
++++ b/arch/mips/kernel/scall64-64.S	2009-03-01 21:34:50.000000000 -0700
+@@ -219,7 +219,7 @@ sys_call_table:
+ 	PTR	sys_readv
+ 	PTR	sys_writev
+ 	PTR	sys_access			/* 5020 */
+-	PTR	sys_pipe
++	PTR	sysm_pipe
+ 	PTR	sys_select
+ 	PTR	sys_sched_yield
+ 	PTR	sys_mremap
+diff -urpN a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S
+--- a/arch/mips/kernel/scall64-n32.S	2009-03-01 21:34:18.000000000 -0700
++++ b/arch/mips/kernel/scall64-n32.S	2009-03-01 21:34:50.000000000 -0700
+@@ -141,7 +141,7 @@ EXPORT(sysn32_call_table)
+ 	PTR	compat_sys_readv
+ 	PTR	compat_sys_writev
+ 	PTR	sys_access			/* 6020 */
+-	PTR	sys_pipe
++	PTR	sysm_pipe
+ 	PTR	compat_sys_select
+ 	PTR	sys_sched_yield
+ 	PTR	sys_mremap
+diff -urpN a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S
+--- a/arch/mips/kernel/scall64-o32.S	2009-03-01 21:34:18.000000000 -0700
++++ b/arch/mips/kernel/scall64-o32.S	2009-03-01 21:34:50.000000000 -0700
+@@ -245,7 +245,7 @@ sys_call_table:
+ 	PTR	sys_mkdir
+ 	PTR	sys_rmdir			/* 4040 */
+ 	PTR	sys_dup
+-	PTR	sys_pipe
++	PTR	sysm_pipe
+ 	PTR	compat_sys_times
+ 	PTR	sys_ni_syscall
+ 	PTR	sys_brk				/* 4045 */
+diff -urpN a/arch/mips/kernel/syscall.c b/arch/mips/kernel/syscall.c
+--- a/arch/mips/kernel/syscall.c	2009-03-01 21:21:16.000000000 -0700
++++ b/arch/mips/kernel/syscall.c	2009-03-01 21:34:50.000000000 -0700
+@@ -40,7 +40,14 @@
+ #include <asm/sysmips.h>
+ #include <asm/uaccess.h>
+ 
+-asmlinkage int sys_pipe(nabi_no_regargs volatile struct pt_regs regs)
++/*
++ * For historic reasons the pipe(2) syscall on MIPS has an unusual calling
++ * convention.  It returns results in registers $v0 / $v1 which means there
++ * is no need for it to do verify the validity of a userspace pointer
++ * argument.  Historically that used to be expensive in Linux.  These days
++ * the performance advantage is negligible.
++ */
++asmlinkage int sysm_pipe(nabi_no_regargs volatile struct pt_regs regs)
+ {
+ 	int fd[2];
+ 	int error, res;

Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/mips-wire-up-o32-syscall-to-the-right-function.patch (from r12952, /dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/mips-wire-up-o32-syscall-to-the-right-function.patch)
==============================================================================
--- /dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/mips-wire-up-o32-syscall-to-the-right-function.patch	(original)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/mips-wire-up-o32-syscall-to-the-right-function.patch	Tue Mar  3 06:32:29 2009
@@ -10,14 +10,15 @@
 Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
 ---
 
-diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S
-index 6ee7997..98f89f7 100644
---- a/arch/mips/kernel/scall64-o32.S
-+++ b/arch/mips/kernel/scall64-o32.S
+Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at debian.org>
+
+diff -urpN a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S
+--- a/arch/mips/kernel/scall64-o32.S	2009-03-01 21:21:31.000000000 -0700
++++ b/arch/mips/kernel/scall64-o32.S	2009-03-01 21:30:07.000000000 -0700
 @@ -320,7 +320,7 @@ sys_call_table:
  	PTR	compat_sys_wait4
  	PTR	sys_swapoff			/* 4115 */
- 	PTR	compat_sys_sysinfo
+ 	PTR	sys32_sysinfo
 -	PTR	sys32_ipc
 +	PTR	sys_32_ipc
  	PTR	sys_fsync

Modified: dists/etch-security/linux-2.6/debian/patches/series/24etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/24etch1	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/24etch1	Tue Mar  3 06:32:29 2009
@@ -62,3 +62,6 @@
 + bugfix/mips/fix-potential-dos.patch
 + bugfix/all/net-SO_BSDCOMPAT-leak.patch
 + bugfix/all/net-SO_BSDCOMPAT-leak-2.patch
++ bugfix/all/CVE-2009-0029/mips-wire-up-o32-syscall-to-the-right-function.patch
++ bugfix/all/CVE-2009-0029/mips-finish-fixing-CVE-2009-0029.patch
++ bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch

