[kernel] r15989 - in dists/lenny/linux-2.6/debian: . patches/bugfix/all patches/features/all/openvz patches/series
Ben Hutchings
benh at alioth.debian.org
Fri Jul 16 02:32:42 UTC 2010
Author: benh
Date: Fri Jul 16 02:32:39 2010
New Revision: 15989
Log:
exec: Fix 'flush_old_exec()/setup_new_exec()' split (Closes: #589179)
This fixes a regression introduced by the fix for CVE-2010-0307,
split-flush_old_exec-into-two-functions.patch
Adjust context in openvz.patch
Added:
dists/lenny/linux-2.6/debian/patches/bugfix/all/exec-Fix-flush_old_exec-setup_new_exec-split.patch
Modified:
dists/lenny/linux-2.6/debian/changelog
dists/lenny/linux-2.6/debian/patches/features/all/openvz/openvz.patch
dists/lenny/linux-2.6/debian/patches/series/25
Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog Thu Jul 15 23:03:46 2010 (r15988)
+++ dists/lenny/linux-2.6/debian/changelog Fri Jul 16 02:32:39 2010 (r15989)
@@ -2,6 +2,8 @@
[ Ben Hutchings ]
* pid_ns: Ensure that child_reaper is always valid (Closes: #570350)
+ * exec: Fix 'flush_old_exec()/setup_new_exec()' split (Closes: #589179;
+ regression due to fix for CVE-2010-0307)
[ Moritz Muehlenhoff ]
* parport: quickfix the proc registration bug (Closes: #588672)
Added: dists/lenny/linux-2.6/debian/patches/bugfix/all/exec-Fix-flush_old_exec-setup_new_exec-split.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/exec-Fix-flush_old_exec-setup_new_exec-split.patch Fri Jul 16 02:32:39 2010 (r15989)
@@ -0,0 +1,63 @@
+From 7ad2dabd30866715de71b2d3f0be136c0a26b3bd Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds at linux-foundation.org>
+Date: Tue, 2 Feb 2010 12:37:44 -0800
+Subject: [PATCH] Fix 'flush_old_exec()/setup_new_exec()' split
+
+commit 7ab02af428c2d312c0cf8fb0b01cc1eb21131a3d upstream.
+
+Commit 221af7f87b9 ("Split 'flush_old_exec' into two functions") split
+the function at the point of no return - ie right where there were no
+more error cases to check. That made sense from a technical standpoint,
+but when we then also combined it with the actual personality setting
+going in between flush_old_exec() and setup_new_exec(), it needs to be a
+bit more careful.
+
+In particular, we need to make sure that we really flush the old
+personality bits in the 'flush' stage, rather than later in the 'setup'
+stage, since otherwise we might be flushing the _new_ personality state
+that we're just setting up.
+
+So this moves the flags and personality flushing (and 'flush_thread()',
+which is the arch-specific function that generally resets lazy FP state
+etc) of the old process into flush_old_exec(), so that it doesn't affect
+any state that execve() is setting up for the new process environment.
+
+This was reported by Michal Simek as breaking his Microblaze qemu
+environment.
+
+Reported-and-tested-by: Michal Simek <michal.simek at petalogix.com>
+Cc: Peter Anvin <hpa at zytor.com>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+[bwh: Backport to 2.6.26]
+---
+ fs/exec.c | 7 ++++---
+ 1 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/fs/exec.c b/fs/exec.c
+index f12ede3..164ac13 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -967,6 +967,10 @@ int flush_old_exec(struct linux_binprm * bprm)
+ goto out;
+
+ bprm->mm = NULL; /* We're using it now */
++
++ current->flags &= ~PF_RANDOMIZE;
++ flush_thread();
++
+ return 0;
+
+ out:
+@@ -1003,9 +1007,6 @@ void setup_new_exec(struct linux_binprm * bprm)
+ tcomm[i] = '\0';
+ set_task_comm(current, tcomm);
+
+- current->flags &= ~PF_RANDOMIZE;
+- flush_thread();
+-
+ /* Set the new mm task size. We have to do that late because it may
+ * depend on TIF_32BIT which is only updated in flush_thread() on
+ * some architectures like powerpc
+--
+1.7.1
+
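Review bot: the "[bwh: Backport to 2.6.26]" tag should state how this differs from the upstream commit. The description speaks of moving the "flags and personality flushing" into flush_old_exec(), but the hunk moves only `current->flags &= ~PF_RANDOMIZE;` and `flush_thread();` (diffstat: 4 insertions, 3 deletions), so a reader cannot tell from the patch whether 2.6.26 clears the personality somewhere else or whether that part was intentionally dropped; one sentence in the backport note would settle it. The placement itself looks right: the block lands after `bprm->mm = NULL; /* We're using it now */`, past the last `goto out`, so flush_thread() runs only once the exec can no longer fail and before the binfmt handler sets up the new personality between flush_old_exec() and setup_new_exec(). The remaining comment in setup_new_exec() about task_size depending on TIF_32BIT "only updated in flush_thread()" still holds, since flush_thread() now runs earlier rather than later.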
Modified: dists/lenny/linux-2.6/debian/patches/features/all/openvz/openvz.patch
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/features/all/openvz/openvz.patch Thu Jul 15 23:03:46 2010 (r15988)
+++ dists/lenny/linux-2.6/debian/patches/features/all/openvz/openvz.patch Fri Jul 16 02:32:39 2010 (r15989)
@@ -7875,9 +7875,9 @@
goto out;
- bprm->mm = NULL; /* We're using it now */
- return 0;
- out:
+ current->flags &= ~PF_RANDOMIZE;
+ flush_thread();
@@ -1275,6 +1303,10 @@ int do_execve(char * filename,
struct files_struct *displaced;
int retval;
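Review bot: this hunk only refreshes the context of the fs/exec.c hunk inside openvz.patch so that it still applies on top of the new exec fix; the nested hunk keeps the same size (9 lines before and after in `@@ -7875,9 +7875,9 @@`), which is what a pure context refresh should look like. Worth confirming that the refreshed context was produced by applying the full featureset series rather than edited by hand, because the visible context lines (`goto out;`, `bprm->mm = NULL;`, `current->flags &= ~PF_RANDOMIZE;`, `flush_thread();`) must match the patched tree exactly for the openvz hunk to apply.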
Modified: dists/lenny/linux-2.6/debian/patches/series/25
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/25 Thu Jul 15 23:03:46 2010 (r15988)
+++ dists/lenny/linux-2.6/debian/patches/series/25 Fri Jul 16 02:32:39 2010 (r15989)
@@ -1,4 +1,4 @@
+ bugfix/all/pid_ns-zap_pid_ns_processes-fix-the-child_reaper.patch
+ bugfix/all/pid_ns-change-child_reaper-when-init-group_leader-exits.patch
+ bugfix/all/parport-quickfix-proc-registration.patch
-
++ bugfix/all/exec-Fix-flush_old_exec-setup_new_exec-split.patch
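Review bot: the new entry replaces the trailing empty line at the end of series/25, after parport-quickfix-proc-registration.patch. Since this patch fixes a regression in split-flush_old_exec-into-two-functions.patch (named in the log), it has to apply after that patch, so it is worth checking that the split patch sits in an earlier series file; ordering relative to the openvz featureset is covered by the openvz.patch context refresh in this revision.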