[kernel] r17189 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/s390 patches/features/all/vserver patches/series

Dann Frazier dannf at alioth.debian.org
Mon Apr 4 00:39:46 UTC 2011 

Author: dannf
Date: Mon Apr  4 00:39:36 2011
New Revision: 17189

Log:
[s390] remove task_show_regs (CVE-2011-0710)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/s390/remove-task_show_regs.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny3

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Mon Apr  4 00:15:43 2011	(r17188)
+++ dists/lenny-security/linux-2.6/debian/changelog	Mon Apr  4 00:39:36 2011	(r17189)
@@ -3,6 +3,7 @@
   * net: clear heap allocations for privileged ethtool actions (CVE-2010-4655)
   * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
     (CVE-2011-0711)
+  * [s390] remove task_show_regs (CVE-2011-0710)
 
  -- dann frazier <dannf at debian.org>  Wed, 30 Mar 2011 22:46:26 -0600
 

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/s390/remove-task_show_regs.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/s390/remove-task_show_regs.patch	Mon Apr  4 00:39:36 2011	(r17189)
@@ -0,0 +1,94 @@
+commit 261cd298a8c363d7985e3482946edb4bfedacf98
+Author: Martin Schwidefsky <schwidefsky at de.ibm.com>
+Date:   Tue Feb 15 09:43:32 2011 +0100
+
+    s390: remove task_show_regs
+    
+    task_show_regs used to be a debugging aid in the early bringup days
+    of Linux on s390. /proc/<pid>/status is a world readable file, it
+    is not a good idea to show the registers of a process. The only
+    correct fix is to remove task_show_regs.
+    
+    Reported-by: Al Viro <viro at zeniv.linux.org.uk>
+    Signed-off-by: Martin Schwidefsky <schwidefsky at de.ibm.com>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+    [dannf: backported to Debian's 2.6.26]
+
+diff --git a/arch/s390/kernel/traps.c b/arch/s390/kernel/traps.c
+index 4584d81..dc4f574 100644
+--- a/arch/s390/kernel/traps.c
++++ b/arch/s390/kernel/traps.c
+@@ -241,43 +241,6 @@ void show_regs(struct pt_regs *regs)
+ 	show_last_breaking_event(regs);
+ }
+ 
+-/* This is called from fs/proc/array.c */
+-void task_show_regs(struct seq_file *m, struct task_struct *task)
+-{
+-	struct pt_regs *regs;
+-
+-	regs = task_pt_regs(task);
+-	seq_printf(m, "task: %p, ksp: %p\n",
+-		       task, (void *)task->thread.ksp);
+-	seq_printf(m, "User PSW : %p %p\n",
+-		       (void *) regs->psw.mask, (void *)regs->psw.addr);
+-
+-	seq_printf(m, "User GPRS: " FOURLONG,
+-			  regs->gprs[0], regs->gprs[1],
+-			  regs->gprs[2], regs->gprs[3]);
+-	seq_printf(m, "           " FOURLONG,
+-			  regs->gprs[4], regs->gprs[5],
+-			  regs->gprs[6], regs->gprs[7]);
+-	seq_printf(m, "           " FOURLONG,
+-			  regs->gprs[8], regs->gprs[9],
+-			  regs->gprs[10], regs->gprs[11]);
+-	seq_printf(m, "           " FOURLONG,
+-			  regs->gprs[12], regs->gprs[13],
+-			  regs->gprs[14], regs->gprs[15]);
+-	seq_printf(m, "User ACRS: %08x %08x %08x %08x\n",
+-			  task->thread.acrs[0], task->thread.acrs[1],
+-			  task->thread.acrs[2], task->thread.acrs[3]);
+-	seq_printf(m, "           %08x %08x %08x %08x\n",
+-			  task->thread.acrs[4], task->thread.acrs[5],
+-			  task->thread.acrs[6], task->thread.acrs[7]);
+-	seq_printf(m, "           %08x %08x %08x %08x\n",
+-			  task->thread.acrs[8], task->thread.acrs[9],
+-			  task->thread.acrs[10], task->thread.acrs[11]);
+-	seq_printf(m, "           %08x %08x %08x %08x\n",
+-			  task->thread.acrs[12], task->thread.acrs[13],
+-			  task->thread.acrs[14], task->thread.acrs[15]);
+-}
+-
+ static DEFINE_SPINLOCK(die_lock);
+ 
+ void die(const char * str, struct pt_regs * regs, long err)
+diff --git a/fs/proc/array.c b/fs/proc/array.c
+index 0b2a88c..9b94c69 100644
+--- a/fs/proc/array.c
++++ b/fs/proc/array.c
+@@ -325,9 +325,6 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
+ 	task_sig(m, task);
+ 	task_cap(m, task);
+ 	cpuset_task_status_allowed(m, task);
+-#if defined(CONFIG_S390)
+-	task_show_regs(m, task);
+-#endif
+ 	task_context_switch_counts(m, task);
+ 	return 0;
+ }
+diff --git a/include/asm-s390/processor.h b/include/asm-s390/processor.h
+index a00f79d..048c0a3 100644
+--- a/include/asm-s390/processor.h
++++ b/include/asm-s390/processor.h
+@@ -167,11 +167,6 @@ extern int kernel_thread(int (*fn)(void *), void * arg, unsigned long flags);
+  */
+ extern unsigned long thread_saved_pc(struct task_struct *t);
+ 
+-/*
+- * Print register of task into buffer. Used in fs/proc/array.c.
+- */
+-extern void task_show_regs(struct seq_file *m, struct task_struct *task);
+-
+ extern void show_code(struct pt_regs *regs);
+ 
+ unsigned long get_wchan(struct task_struct *p);

Modified: dists/lenny-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch	Mon Apr  4 00:15:43 2011	(r17188)
+++ dists/lenny-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch	Mon Apr  4 00:39:36 2011	(r17189)
@@ -6871,14 +6871,14 @@
  int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
  			struct pid *pid, struct task_struct *task)
  {
-@@ -325,6 +374,7 @@ int proc_pid_status(struct seq_file *m, 
+@@ -325,6 +374,7 @@
  	task_sig(m, task);
  	task_cap(m, task);
  	cpuset_task_status_allowed(m, task);
 +	task_vs_id(m, task);
- #if defined(CONFIG_S390)
- 	task_show_regs(m, task);
- #endif
+ 	task_context_switch_counts(m, task);
+ 	return 0;
+ }
 @@ -496,6 +546,17 @@ static int do_task_stat(struct seq_file 
  	/* convert nsec -> ticks */
  	start_time = nsec_to_clock_t(start_time);

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Apr  4 00:15:43 2011	(r17188)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Apr  4 00:39:36 2011	(r17189)
@@ -1,3 +1,4 @@
 + bugfix/all/net-clear-heap-allocations-for-privileged-ethtool-actions.patch
 + bugfix/all/xfs-prevent-leaking-uninitialized-stack-memory-in-FSGEOMETRY_V1.patch
 + bugfix/all/xfs-zero-proper-structure-size-for-geometry-calls.patch
++ bugfix/s390/remove-task_show_regs.patch

More information about the Kernel-svn-changes mailing list