[kernel] r15182 - in dists/etch-security/linux-2.6: . debian debian/patches/bugfix debian/patches/bugfix/all debian/patches/bugfix/all/CVE-2009-0029 debian/patches/bugfix/mips debian/patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Feb 17 04:50:46 UTC 2010
Author: dannf
Date: Wed Feb 17 04:50:44 2010
New Revision: 15182
Log:
/home/dannf/svn/kernel/dists/etch-security/svn-commit.tmp
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0044post1-s390-unwrap-execve.patch
- copied unchanged from r14955, dists/etch/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0044post1-s390-unwrap-execve.patch
Modified:
dists/etch-security/linux-2.6/ (props changed)
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/ (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0001-Move-compat-system-call-declarations.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0002-Convert-all-system-calls-to-return-a.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0003-Rename-old_readdir-to-sys_old_readdi.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0004-Remove-__attribute__-weak-from-sy.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0004pre1-ia64-kill-sys32_pipe.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0005-Make-sys_pselect7-static.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0006-Make-sys_syslog-a-conditional-system.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0007pre1-create-arch-kconfig.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0008-powerpc-Enable-syscall-wrappers-for.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0009-s390-enable-system-call-wrappers.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0010-System-call-wrapper-special-cases.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0011-System-call-wrappers-part-01.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0012-System-call-wrappers-part-02.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0013-System-call-wrappers-part-03.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0014-System-call-wrappers-part-04.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0015-System-call-wrappers-part-05.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0016-System-call-wrappers-part-06.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0017-System-call-wrappers-part-07.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0018-System-call-wrappers-part-08.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0019-System-call-wrappers-part-09.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0020-System-call-wrappers-part-10.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0021-System-call-wrappers-part-11.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0022-System-call-wrappers-part-12.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0023-System-call-wrappers-part-13.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0024-System-call-wrappers-part-14.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0025-System-call-wrappers-part-15.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0026-System-call-wrappers-part-16.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0027-System-call-wrappers-part-17.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0028-System-call-wrappers-part-18.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0029-System-call-wrappers-part-19.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0030-System-call-wrappers-part-20.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0031-System-call-wrappers-part-21.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0032-System-call-wrappers-part-22.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0033-System-call-wrappers-part-23.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0034-System-call-wrappers-part-24.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0035-System-call-wrappers-part-25.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0036-System-call-wrappers-part-26.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0037-System-call-wrappers-part-27.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0038-System-call-wrappers-part-28.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0038pre1-missing-include.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0039-System-call-wrappers-part-29.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0040-System-call-wrappers-part-30.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0041-System-call-wrappers-part-31.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0042-System-call-wrappers-part-32.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0043-System-call-wrappers-part-33.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0044-s390-specific-system-call-wrappers.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/all/security-keyctl-missing-kfree.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/dont-allow-splice-to-files-opened-with-O_APPEND.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/mips/fix-potential-dos.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch (props changed)
dists/etch-security/linux-2.6/debian/patches/series/24etch1 (props changed)
dists/etch-security/linux-2.6/debian/patches/series/26etch2
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog Wed Feb 17 00:13:12 2010 (r15181)
+++ dists/etch-security/linux-2.6/debian/changelog Wed Feb 17 04:50:44 2010 (r15182)
@@ -1,5 +1,8 @@
linux-2.6 (2.6.18.dfsg.1-26etch2) UNRELEASED; urgency=low
+ * [s390] Revert syscall wrapping of execve() - 2.6.18 still
+ has some in-kernel callers which bollocks up pt_regs.
+ (Closes: #562525)
* [SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080)
* NFSv4: Fix a problem whereby a buggy server can oops the kernel
(CVE-2009-3726)
Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0044post1-s390-unwrap-execve.patch (from r14955, dists/etch/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0044post1-s390-unwrap-execve.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0044post1-s390-unwrap-execve.patch Wed Feb 17 04:50:44 2010 (r15182, copy of r14955, dists/etch/linux-2.6/debian/patches/bugfix/all/CVE-2009-0029/0044post1-s390-unwrap-execve.patch)
@@ -0,0 +1,200 @@
+diff -urpN -x'#*' linux-source-2.6.18.orig/arch/s390/kernel/entry64.S linux-source-2.6.18/arch/s390/kernel/entry64.S
+--- linux-source-2.6.18.orig/arch/s390/kernel/entry64.S 2009-11-05 03:47:12.000000000 +0000
++++ linux-source-2.6.18/arch/s390/kernel/entry64.S 2010-01-19 06:19:21.000000000 +0000
+@@ -369,36 +369,24 @@ ret_from_fork:
+ stosm 24(%r15),0x03 # reenable interrupts
+ j sysc_return
+
+-#
+-# kernel_execve function needs to deal with pt_regs that is not
+-# at the usual place
+-#
+- .globl kernel_execve
+-kernel_execve:
+- stmg %r12,%r15,96(%r15)
+- lgr %r14,%r15
+- aghi %r15,-SP_SIZE
+- stg %r14,__SF_BACKCHAIN(%r15)
+- la %r12,SP_PTREGS(%r15)
+- xc 0(__PT_SIZE,%r12),0(%r12)
+- lgr %r5,%r12
+- brasl %r14,do_execve
+- ltgfr %r2,%r2
+- je 0f
+- aghi %r15,SP_SIZE
+- lmg %r12,%r15,96(%r15)
+- br %r14
+- # execve succeeded.
+-0: stnsm __SF_EMPTY(%r15),0xfc # disable interrupts
+- lg %r15,__LC_KERNEL_STACK # load ksp
+- aghi %r15,-SP_SIZE # make room for registers & psw
+- lg %r13,__LC_SVC_NEW_PSW+8
+- lg %r9,__LC_THREAD_INFO
+- mvc SP_PTREGS(__PT_SIZE,%r15),0(%r12) # copy pt_regs
+- xc __SF_BACKCHAIN(8,%r15),__SF_BACKCHAIN(%r15)
+- stosm __SF_EMPTY(%r15),0x03 # reenable interrupts
+- brasl %r14,execve_tail
+- j sysc_return
++sys_execve_glue:
++ la %r2,SP_PTREGS(%r15) # load pt_regs
++ lgr %r12,%r14 # save return address
++ brasl %r14,sys_execve # call sys_execve
++ ltgr %r2,%r2 # check if execve failed
++ bnz 0(%r12) # it did fail -> store result in gpr2
++ b 6(%r12) # SKIP STG 2,SP_R2(15) in
++ # system_call/sysc_tracesys
++#ifdef CONFIG_COMPAT
++sys32_execve_glue:
++ la %r2,SP_PTREGS(%r15) # load pt_regs
++ lgr %r12,%r14 # save return address
++ brasl %r14,sys32_execve # call sys32_execve
++ ltgr %r2,%r2 # check if execve failed
++ bnz 0(%r12) # it did fail -> store result in gpr2
++ b 6(%r12) # SKIP STG 2,SP_R2(15) in
++ # system_call/sysc_tracesys
++#endif
+
+ /*
+ * Program check handler routine
+diff -urpN -x'#*' linux-source-2.6.18.orig/arch/s390/kernel/entry.S linux-source-2.6.18/arch/s390/kernel/entry.S
+--- linux-source-2.6.18.orig/arch/s390/kernel/entry.S 2009-11-05 03:47:12.000000000 +0000
++++ linux-source-2.6.18/arch/s390/kernel/entry.S 2010-01-19 06:52:42.000000000 +0000
+@@ -378,39 +378,15 @@ ret_from_fork:
+ stosm __SF_EMPTY(%r15),0x03 # reenable interrupts
+ b BASED(sysc_return)
+
+-#
+-# kernel_execve function needs to deal with pt_regs that is not
+-# at the usual place
+-#
+- .globl kernel_execve
+-kernel_execve:
+- stm %r12,%r15,48(%r15)
+- lr %r14,%r15
+- l %r13,__LC_SVC_NEW_PSW+4
+- s %r15,BASED(.Lc_spsize)
+- st %r14,__SF_BACKCHAIN(%r15)
+- la %r12,SP_PTREGS(%r15)
+- xc 0(__PT_SIZE,%r12),0(%r12)
+- l %r1,BASED(.Ldo_execve)
+- lr %r5,%r12
+- basr %r14,%r1
+- ltr %r2,%r2
+- be BASED(0f)
+- a %r15,BASED(.Lc_spsize)
+- lm %r12,%r15,48(%r15)
+- br %r14
+- # execve succeeded.
+-0: stnsm __SF_EMPTY(%r15),0xfc # disable interrupts
+- l %r15,__LC_KERNEL_STACK # load ksp
+- s %r15,BASED(.Lc_spsize) # make room for registers & psw
+- l %r9,__LC_THREAD_INFO
+- mvc SP_PTREGS(__PT_SIZE,%r15),0(%r12) # copy pt_regs
+- xc __SF_BACKCHAIN(4,%r15),__SF_BACKCHAIN(%r15)
+- stosm __SF_EMPTY(%r15),0x03 # reenable interrupts
+- l %r1,BASED(.Lexecve_tail)
+- basr %r14,%r1
+- b BASED(sysc_return)
+-
++sys_execve_glue:
++ la %r2,SP_PTREGS(%r15) # load pt_regs
++ l %r1,BASED(.Lexecve)
++ lr %r12,%r14 # save return address
++ basr %r14,%r1 # call sys_execve
++ ltr %r2,%r2 # check if execve failed
++ bnz 0(%r12) # it did fail -> store result in gpr2
++ b 4(%r12) # SKIP ST 2,SP_R2(15) after BASR 14,8
++ # in system_call/sysc_tracesys
+
+ /*
+ * Program check handler routine
+@@ -1005,10 +981,9 @@ cleanup_io_leave_insn:
+ .Ldo_extint: .long do_extint
+ .Ldo_signal: .long do_signal
+ .Lhandle_per: .long do_single_step
+-.Ldo_execve: .long do_execve
+-.Lexecve_tail: .long execve_tail
+ .Ljump_table: .long pgm_check_table
+ .Lschedule: .long schedule
++.Lexecve: .long sys_execve
+ .Ltrace: .long syscall_trace
+ .Lschedtail: .long schedule_tail
+ .Lsysc_table: .long sys_call_table
+diff -urpN -x'#*' linux-source-2.6.18.orig/arch/s390/kernel/process.c linux-source-2.6.18/arch/s390/kernel/process.c
+--- linux-source-2.6.18.orig/arch/s390/kernel/process.c 2009-11-05 03:47:12.000000000 +0000
++++ linux-source-2.6.18/arch/s390/kernel/process.c 2010-01-19 07:08:48.000000000 +0000
+@@ -319,43 +319,31 @@ SYSCALL_DEFINE0(vfork)
+ regs->gprs[15], regs, 0, NULL, NULL);
+ }
+
+-asmlinkage void execve_tail(void)
+-{
+- task_lock(current);
+- current->ptrace &= ~PT_DTRACE;
+- task_unlock(current);
+- current->thread.fp_regs.fpc = 0;
+- if (MACHINE_HAS_IEEE)
+- asm volatile("sfpc %0,%0" : : "d" (0));
+-}
+-
+ /*
+ * sys_execve() executes a new program.
+ */
+-SYSCALL_DEFINE0(execve)
++asmlinkage long sys_execve(struct pt_regs regs)
+ {
+- struct pt_regs *regs = task_pt_regs(current);
+- char *filename;
+- unsigned long result;
+- int rc;
+-
+- filename = getname((char __user *) regs->orig_gpr2);
+- if (IS_ERR(filename)) {
+- result = PTR_ERR(filename);
+- goto out;
+- }
+- rc = do_execve(filename, (char __user * __user *) regs->gprs[3],
+- (char __user * __user *) regs->gprs[4], regs);
+- if (rc) {
+- result = rc;
+- goto out_putname;
++ int error;
++ char * filename;
++
++ filename = getname((char __user *) regs.orig_gpr2);
++ error = PTR_ERR(filename);
++ if (IS_ERR(filename))
++ goto out;
++ error = do_execve(filename, (char __user * __user *) regs.gprs[3],
++ (char __user * __user *) regs.gprs[4], ®s);
++ if (error == 0) {
++ task_lock(current);
++ current->ptrace &= ~PT_DTRACE;
++ task_unlock(current);
++ current->thread.fp_regs.fpc = 0;
++ if (MACHINE_HAS_IEEE)
++ asm volatile("sfpc %0,%0" : : "d" (0));
+ }
+- execve_tail();
+- result = regs->gprs[2];
+-out_putname:
+- putname(filename);
++ putname(filename);
+ out:
+- return result;
++ return error;
+ }
+
+ /*
+diff -urpN -x'#*' linux-source-2.6.18.orig/arch/s390/kernel/syscalls.S linux-source-2.6.18/arch/s390/kernel/syscalls.S
+--- linux-source-2.6.18.orig/arch/s390/kernel/syscalls.S 2009-11-05 03:47:12.000000000 +0000
++++ linux-source-2.6.18/arch/s390/kernel/syscalls.S 2010-01-19 07:08:48.000000000 +0000
+@@ -19,7 +19,7 @@ SYSCALL(sys_restart_syscall,sys_restart_
+ SYSCALL(sys_creat,sys_creat,sys32_creat_wrapper)
+ SYSCALL(sys_link,sys_link,sys32_link_wrapper)
+ SYSCALL(sys_unlink,sys_unlink,sys32_unlink_wrapper) /* 10 */
+-SYSCALL(sys_execve,sys_execve,sys32_execve)
++SYSCALL(sys_execve_glue,sys_execve_glue,sys32_execve_glue)
+ SYSCALL(sys_chdir,sys_chdir,sys32_chdir_wrapper)
+ SYSCALL(sys_time,sys_ni_syscall,sys32_time_wrapper) /* old time syscall */
+ SYSCALL(sys_mknod,sys_mknod,sys32_mknod_wrapper)
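Review bot: The restored `sys_execve(struct pt_regs regs)` in process.c takes the register frame by value while `sys_execve_glue` loads a pointer to that frame into `%r2`, and nothing in the patch says why this is correct. It appears to depend on the s390 calling convention passing a large aggregate by reference, so that the `&regs` handed to `do_execve` (printed as `®s` on this page) is the live frame at `SP_PTREGS(%r15)` rather than a copy; under a different convention the new program's registers would be written to a temporary. I would state that in the function's header comment, e.g. `/* regs aliases the pt_regs that the glue points %r2 at; do_execve() must write the live frame */`. The compat counterpart `sys32_execve`, which `sys32_execve_glue` calls, is defined outside this patch, so it is worth confirming that it has the same by-value form and no longer calls the `execve_tail()` removed here.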
Modified: dists/etch-security/linux-2.6/debian/patches/series/26etch2
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/26etch2 Wed Feb 17 00:13:12 2010 (r15181)
+++ dists/etch-security/linux-2.6/debian/patches/series/26etch2 Wed Feb 17 04:50:44 2010 (r15182)
@@ -1,3 +1,4 @@
++ bugfix/all/CVE-2009-0029/0044post1-s390-unwrap-execve.patch
+ bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
+ bugfix/all/nfsv4-buggy-server-oops.patch
+ bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch