[kernel] r15125 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/powerpc patches/bugfix/sparc patches/bugfix/x86 patches/series
Dann Frazier
dannf at alioth.debian.org
Fri Feb 5 01:29:30 UTC 2010
Author: dannf
Date: Fri Feb 5 01:29:28 2010
New Revision: 15125
Log:
Additional fixes for CVE-2010-0307
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/powerpc/powerpc-tif_abi_pending-bit-removal.patch
- copied, changed from r15124, dists/trunk/linux-2.6/debian/patches/bugfix/powerpc/powerpc-tif_abi_pending-bit-removal.patch
dists/lenny-security/linux-2.6/debian/patches/bugfix/sparc/sparc-tif_abi_pending-bit-removal.patch
- copied, changed from r15124, dists/trunk/linux-2.6/debian/patches/bugfix/sparc/sparc-tif_abi_pending-bit-removal.patch
dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/get-rid-of-TIF_ABI_PENDING-bit.patch
- copied unchanged from r15096, dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/get-rid-of-TIF_ABI_PENDING-bit.patch
dists/lenny-security/linux-2.6/debian/patches/series/21lenny3
Modified:
dists/lenny-security/linux-2.6/debian/changelog
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Thu Feb 4 21:15:57 2010 (r15124)
+++ dists/lenny-security/linux-2.6/debian/changelog Fri Feb 5 01:29:28 2010 (r15125)
@@ -1,3 +1,9 @@
+linux-2.6 (2.6.26-21lenny3) UNRELEASED; urgency=high
+
+ * Additional fixes for CVE-2010-0307
+
+ -- dann frazier <dannf at debian.org> Thu, 04 Feb 2010 17:43:31 -0700
+
linux-2.6 (2.6.26-21lenny2) stable-security; urgency=high
[ dann frazier ]
Copied and modified: dists/lenny-security/linux-2.6/debian/patches/bugfix/powerpc/powerpc-tif_abi_pending-bit-removal.patch (from r15124, dists/trunk/linux-2.6/debian/patches/bugfix/powerpc/powerpc-tif_abi_pending-bit-removal.patch)
==============================================================================
--- dists/trunk/linux-2.6/debian/patches/bugfix/powerpc/powerpc-tif_abi_pending-bit-removal.patch Thu Feb 4 21:15:57 2010 (r15124, copy source)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/powerpc/powerpc-tif_abi_pending-bit-removal.patch Fri Feb 5 01:29:28 2010 (r15125)
@@ -20,11 +20,36 @@
arch/powerpc/kernel/process.c | 12 ------------
3 files changed, 2 insertions(+), 20 deletions(-)
---- a/arch/powerpc/include/asm/elf.h
-+++ b/arch/powerpc/include/asm/elf.h
-@@ -236,14 +236,10 @@ typedef elf_vrregset_t elf_fpxregset_t;
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/arch/powerpc/kernel/process.c linux-source-2.6.26/arch/powerpc/kernel/process.c
+--- linux-source-2.6.26.orig/arch/powerpc/kernel/process.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/arch/powerpc/kernel/process.c 2010-02-04 17:44:40.000000000 -0700
+@@ -501,18 +501,6 @@ void exit_thread(void)
+
+ void flush_thread(void)
+ {
+-#ifdef CONFIG_PPC64
+- struct thread_info *t = current_thread_info();
+-
+- if (test_ti_thread_flag(t, TIF_ABI_PENDING)) {
+- clear_ti_thread_flag(t, TIF_ABI_PENDING);
+- if (test_ti_thread_flag(t, TIF_32BIT))
+- clear_ti_thread_flag(t, TIF_32BIT);
+- else
+- set_ti_thread_flag(t, TIF_32BIT);
+- }
+-#endif
+-
+ discard_lazy_cpu_state();
+
+ if (current->thread.dabr) {
+diff -urpN linux-source-2.6.26.orig/include/asm-powerpc/elf.h linux-source-2.6.26/include/asm-powerpc/elf.h
+--- linux-source-2.6.26.orig/include/asm-powerpc/elf.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-powerpc/elf.h 2010-02-04 17:46:53.000000000 -0700
+@@ -248,14 +248,10 @@ extern int dump_task_altivec(struct task
#ifdef __powerpc64__
- # define SET_PERSONALITY(ex) \
+ # define SET_PERSONALITY(ex, ibcs2) \
do { \
- unsigned long new_flags = 0; \
if ((ex).e_ident[EI_CLASS] == ELFCLASS32) \
@@ -37,44 +62,24 @@
- clear_thread_flag(TIF_ABI_PENDING); \
+ clear_thread_flag(TIF_32BIT); \
if (personality(current->personality) != PER_LINUX32) \
- set_personality(PER_LINUX | \
- (current->personality & (~PER_MASK))); \
---- a/arch/powerpc/include/asm/thread_info.h
-+++ b/arch/powerpc/include/asm/thread_info.h
-@@ -111,7 +111,6 @@ static inline struct thread_info *curren
- #define TIF_NOTIFY_RESUME 13 /* callback before returning to user */
+ set_personality(PER_LINUX); \
+ } while (0)
+diff -urpN linux-source-2.6.26.orig/include/asm-powerpc/thread_info.h linux-source-2.6.26/include/asm-powerpc/thread_info.h
+--- linux-source-2.6.26.orig/include/asm-powerpc/thread_info.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-powerpc/thread_info.h 2010-02-04 17:47:46.000000000 -0700
+@@ -119,7 +119,6 @@ static inline struct thread_info *curren
+ #define TIF_RESTORE_SIGMASK 13 /* Restore signal mask in do_signal */
#define TIF_FREEZE 14 /* Freezing for suspend */
#define TIF_RUNLATCH 15 /* Is the runlatch enabled? */
-#define TIF_ABI_PENDING 16 /* 32/64 bit switch needed */
/* as above, but as bit values */
#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
-@@ -129,7 +128,6 @@ static inline struct thread_info *curren
- #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
+@@ -137,7 +136,6 @@ static inline struct thread_info *curren
+ #define _TIF_RESTORE_SIGMASK (1<<TIF_RESTORE_SIGMASK)
#define _TIF_FREEZE (1<<TIF_FREEZE)
#define _TIF_RUNLATCH (1<<TIF_RUNLATCH)
-#define _TIF_ABI_PENDING (1<<TIF_ABI_PENDING)
#define _TIF_SYSCALL_T_OR_A (_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SECCOMP)
- #define _TIF_USER_WORK_MASK (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \
---- a/arch/powerpc/kernel/process.c
-+++ b/arch/powerpc/kernel/process.c
-@@ -554,18 +554,6 @@ void exit_thread(void)
-
- void flush_thread(void)
- {
--#ifdef CONFIG_PPC64
-- struct thread_info *t = current_thread_info();
--
-- if (test_ti_thread_flag(t, TIF_ABI_PENDING)) {
-- clear_ti_thread_flag(t, TIF_ABI_PENDING);
-- if (test_ti_thread_flag(t, TIF_32BIT))
-- clear_ti_thread_flag(t, TIF_32BIT);
-- else
-- set_ti_thread_flag(t, TIF_32BIT);
-- }
--#endif
--
- discard_lazy_cpu_state();
-
- if (current->thread.dabr) {
+ #define _TIF_USER_WORK_MASK ( _TIF_SIGPENDING | \
Copied and modified: dists/lenny-security/linux-2.6/debian/patches/bugfix/sparc/sparc-tif_abi_pending-bit-removal.patch (from r15124, dists/trunk/linux-2.6/debian/patches/bugfix/sparc/sparc-tif_abi_pending-bit-removal.patch)
==============================================================================
--- dists/trunk/linux-2.6/debian/patches/bugfix/sparc/sparc-tif_abi_pending-bit-removal.patch Thu Feb 4 21:15:57 2010 (r15124, copy source)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/sparc/sparc-tif_abi_pending-bit-removal.patch Fri Feb 5 01:29:28 2010 (r15125)
@@ -20,12 +20,33 @@
arch/sparc/kernel/process_64.c | 8 --------
3 files changed, 4 insertions(+), 21 deletions(-)
---- a/arch/sparc/include/asm/elf_64.h
-+++ b/arch/sparc/include/asm/elf_64.h
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/arch/sparc64/kernel/process.c linux-source-2.6.26/arch/sparc64/kernel/process.c
+--- linux-source-2.6.26.orig/arch/sparc64/kernel/process.c 2010-02-01 23:54:25.000000000 -0700
++++ linux-source-2.6.26/arch/sparc64/kernel/process.c 2010-02-04 18:02:44.000000000 -0700
+@@ -468,14 +468,6 @@ void flush_thread(void)
+ struct thread_info *t = current_thread_info();
+ struct mm_struct *mm;
+
+- if (test_ti_thread_flag(t, TIF_ABI_PENDING)) {
+- clear_ti_thread_flag(t, TIF_ABI_PENDING);
+- if (test_ti_thread_flag(t, TIF_32BIT))
+- clear_ti_thread_flag(t, TIF_32BIT);
+- else
+- set_ti_thread_flag(t, TIF_32BIT);
+- }
+-
+ mm = t->task->mm;
+ if (mm)
+ tsb_context_switch(mm);
+diff -urpN linux-source-2.6.26.orig/include/asm-sparc64/elf.h linux-source-2.6.26/include/asm-sparc64/elf.h
+--- linux-source-2.6.26.orig/include/asm-sparc64/elf.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-sparc64/elf.h 2010-02-04 17:59:00.000000000 -0700
@@ -196,17 +196,10 @@ static inline unsigned int sparc64_elf_h
#define ELF_PLATFORM (NULL)
- #define SET_PERSONALITY(ex) \
+ #define SET_PERSONALITY(ex, ibcs2) \
-do { unsigned long new_flags = current_thread_info()->flags; \
- new_flags &= _TIF_32BIT; \
- if ((ex).e_ident[EI_CLASS] == ELFCLASS32) \
@@ -41,10 +62,11 @@
- clear_thread_flag(TIF_ABI_PENDING); \
+ clear_thread_flag(TIF_32BIT); \
/* flush_thread will update pgd cache */ \
- if (personality(current->personality) != PER_LINUX32) \
- set_personality(PER_LINUX | \
---- a/arch/sparc/include/asm/thread_info_64.h
-+++ b/arch/sparc/include/asm/thread_info_64.h
+ if (ibcs2) \
+ set_personality(PER_SVR4); \
+diff -urpN linux-source-2.6.26.orig/include/asm-sparc64/thread_info.h linux-source-2.6.26/include/asm-sparc64/thread_info.h
+--- linux-source-2.6.26.orig/include/asm-sparc64/thread_info.h 2010-02-04 17:45:17.000000000 -0700
++++ linux-source-2.6.26/include/asm-sparc64/thread_info.h 2010-02-04 18:00:37.000000000 -0700
@@ -227,12 +227,11 @@ register struct thread_info *current_thr
/* flag bit 8 is available */
#define TIF_SECCOMP 9 /* secure computing */
@@ -58,29 +80,12 @@
+/* flag bit 12 is available */
#define TIF_MEMDIE 13
#define TIF_POLLING_NRFLAG 14
- #define TIF_FREEZE 15 /* is freezing for suspend */
-@@ -246,7 +245,6 @@ register struct thread_info *current_thr
+
+@@ -244,7 +243,6 @@ register struct thread_info *current_thr
#define _TIF_32BIT (1<<TIF_32BIT)
#define _TIF_SECCOMP (1<<TIF_SECCOMP)
#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
-#define _TIF_ABI_PENDING (1<<TIF_ABI_PENDING)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
- #define _TIF_FREEZE (1<<TIF_FREEZE)
-
---- a/arch/sparc/kernel/process_64.c
-+++ b/arch/sparc/kernel/process_64.c
-@@ -365,14 +365,6 @@ void flush_thread(void)
- struct thread_info *t = current_thread_info();
- struct mm_struct *mm;
-- if (test_ti_thread_flag(t, TIF_ABI_PENDING)) {
-- clear_ti_thread_flag(t, TIF_ABI_PENDING);
-- if (test_ti_thread_flag(t, TIF_32BIT))
-- clear_ti_thread_flag(t, TIF_32BIT);
-- else
-- set_ti_thread_flag(t, TIF_32BIT);
-- }
--
- mm = t->task->mm;
- if (mm)
- tsb_context_switch(mm);
+ #define _TIF_USER_WORK_MASK ((0xff << TI_FLAG_WSAVED_SHIFT) | \
Copied: dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/get-rid-of-TIF_ABI_PENDING-bit.patch (from r15096, dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/get-rid-of-TIF_ABI_PENDING-bit.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/get-rid-of-TIF_ABI_PENDING-bit.patch Fri Feb 5 01:29:28 2010 (r15125, copy of r15096, dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/get-rid-of-TIF_ABI_PENDING-bit.patch)
@@ -0,0 +1,107 @@
+commit 05d43ed8a89c159ff641d472f970e3f1baa66318
+Author: H. Peter Anvin <hpa at zytor.com>
+Date: Thu Jan 28 22:14:43 2010 -0800
+
+ x86: get rid of the insane TIF_ABI_PENDING bit
+
+ Now that the previous commit made it possible to do the personality
+ setting at the point of no return, we do just that for ELF binaries.
+ And suddenly all the reasons for that insane TIF_ABI_PENDING bit go
+ away, and we can just make SET_PERSONALITY() just do the obvious thing
+ for a 32-bit compat process.
+
+ Everything becomes much more straightforward this way.
+
+ Signed-off-by: H. Peter Anvin <hpa at zytor.com>
+ Cc: stable at kernel.org
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/arch/x86/ia32/ia32_aout.c linux-source-2.6.26/arch/x86/ia32/ia32_aout.c
+--- linux-source-2.6.26.orig/arch/x86/ia32/ia32_aout.c 2010-02-01 15:30:45.000000000 -0700
++++ linux-source-2.6.26/arch/x86/ia32/ia32_aout.c 2010-02-01 21:55:11.000000000 -0700
+@@ -309,7 +309,6 @@ static int load_aout_binary(struct linux
+ /* OK, This is the point of no return */
+ set_personality(PER_LINUX);
+ set_thread_flag(TIF_IA32);
+- clear_thread_flag(TIF_ABI_PENDING);
+
+ setup_new_exec(bprm);
+
+diff -urpN linux-source-2.6.26.orig/arch/x86/kernel/process_64.c linux-source-2.6.26/arch/x86/kernel/process_64.c
+--- linux-source-2.6.26.orig/arch/x86/kernel/process_64.c 2010-01-29 17:50:35.000000000 -0700
++++ linux-source-2.6.26/arch/x86/kernel/process_64.c 2010-02-01 22:09:43.000000000 -0700
+@@ -273,15 +273,6 @@ void flush_thread(void)
+ {
+ struct task_struct *tsk = current;
+
+- if (test_tsk_thread_flag(tsk, TIF_ABI_PENDING)) {
+- clear_tsk_thread_flag(tsk, TIF_ABI_PENDING);
+- if (test_tsk_thread_flag(tsk, TIF_IA32)) {
+- clear_tsk_thread_flag(tsk, TIF_IA32);
+- } else {
+- set_tsk_thread_flag(tsk, TIF_IA32);
+- current_thread_info()->status |= TS_COMPAT;
+- }
+- }
+ clear_tsk_thread_flag(tsk, TIF_DEBUG);
+
+ tsk->thread.debugreg0 = 0;
+@@ -731,6 +722,17 @@ asmlinkage long sys_vfork(struct pt_regs
+ NULL, NULL);
+ }
+
++void set_personality_ia32(void)
++{
++ /* inherit personality from parent */
++
++ /* Make sure to be in 32bit mode */
++ set_thread_flag(TIF_IA32);
++
++ /* Prepare the first "return" to user space */
++ current_thread_info()->status |= TS_COMPAT;
++}
++
+ unsigned long get_wchan(struct task_struct *p)
+ {
+ unsigned long stack;
+diff -urpN linux-source-2.6.26.orig/include/asm-x86/elf.h linux-source-2.6.26/include/asm-x86/elf.h
+--- linux-source-2.6.26.orig/include/asm-x86/elf.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-x86/elf.h 2010-02-01 22:08:07.000000000 -0700
+@@ -185,14 +185,8 @@ do { \
+ set_fs(USER_DS); \
+ } while (0)
+
+-#define COMPAT_SET_PERSONALITY(ex, ibcs2) \
+-do { \
+- if (test_thread_flag(TIF_IA32)) \
+- clear_thread_flag(TIF_ABI_PENDING); \
+- else \
+- set_thread_flag(TIF_ABI_PENDING); \
+- current->personality |= force_personality32; \
+-} while (0)
++void set_personality_ia32(void);
++#define COMPAT_SET_PERSONALITY(ex, ibcs2) set_personality_ia32()
+
+ #define COMPAT_ELF_PLATFORM ("i686")
+
+diff -urpN linux-source-2.6.26.orig/include/asm-x86/thread_info_64.h linux-source-2.6.26/include/asm-x86/thread_info_64.h
+--- linux-source-2.6.26.orig/include/asm-x86/thread_info_64.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/asm-x86/thread_info_64.h 2010-02-01 21:56:33.000000000 -0700
+@@ -114,7 +114,6 @@ static inline struct thread_info *stack_
+ /* 16 free */
+ #define TIF_IA32 17 /* 32bit process */
+ #define TIF_FORK 18 /* ret_from_fork */
+-#define TIF_ABI_PENDING 19
+ #define TIF_MEMDIE 20
+ #define TIF_DEBUG 21 /* uses debug registers */
+ #define TIF_IO_BITMAP 22 /* uses I/O bitmap */
+@@ -136,7 +135,6 @@ static inline struct thread_info *stack_
+ #define _TIF_HRTICK_RESCHED (1 << TIF_HRTICK_RESCHED)
+ #define _TIF_IA32 (1 << TIF_IA32)
+ #define _TIF_FORK (1 << TIF_FORK)
+-#define _TIF_ABI_PENDING (1 << TIF_ABI_PENDING)
+ #define _TIF_DEBUG (1 << TIF_DEBUG)
+ #define _TIF_IO_BITMAP (1 << TIF_IO_BITMAP)
+ #define _TIF_FREEZE (1 << TIF_FREEZE)
Added: dists/lenny-security/linux-2.6/debian/patches/series/21lenny3
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/series/21lenny3 Fri Feb 5 01:29:28 2010 (r15125)
@@ -0,0 +1,3 @@
++ bugfix/x86/get-rid-of-TIF_ABI_PENDING-bit.patch
++ bugfix/powerpc/powerpc-tif_abi_pending-bit-removal.patch
++ bugfix/sparc/sparc-tif_abi_pending-bit-removal.patch
More information about the Kernel-svn-changes
mailing list