[kernel] r17189 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/s390 patches/features/all/vserver patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Apr 4 00:39:46 UTC 2011
Author: dannf
Date: Mon Apr 4 00:39:36 2011
New Revision: 17189
Log:
[s390] remove task_show_regs (CVE-2011-0710)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/s390/remove-task_show_regs.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch
dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Mon Apr 4 00:15:43 2011 (r17188)
+++ dists/lenny-security/linux-2.6/debian/changelog Mon Apr 4 00:39:36 2011 (r17189)
@@ -3,6 +3,7 @@
* net: clear heap allocations for privileged ethtool actions (CVE-2010-4655)
* xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
(CVE-2011-0711)
+ * [s390] remove task_show_regs (CVE-2011-0710)
-- dann frazier <dannf at debian.org> Wed, 30 Mar 2011 22:46:26 -0600
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/s390/remove-task_show_regs.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/s390/remove-task_show_regs.patch Mon Apr 4 00:39:36 2011 (r17189)
@@ -0,0 +1,94 @@
+commit 261cd298a8c363d7985e3482946edb4bfedacf98
+Author: Martin Schwidefsky <schwidefsky at de.ibm.com>
+Date: Tue Feb 15 09:43:32 2011 +0100
+
+ s390: remove task_show_regs
+
+ task_show_regs used to be a debugging aid in the early bringup days
+ of Linux on s390. /proc/<pid>/status is a world readable file, it
+ is not a good idea to show the registers of a process. The only
+ correct fix is to remove task_show_regs.
+
+ Reported-by: Al Viro <viro at zeniv.linux.org.uk>
+ Signed-off-by: Martin Schwidefsky <schwidefsky at de.ibm.com>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+ [dannf: backported to Debian's 2.6.26]
+
+diff --git a/arch/s390/kernel/traps.c b/arch/s390/kernel/traps.c
+index 4584d81..dc4f574 100644
+--- a/arch/s390/kernel/traps.c
++++ b/arch/s390/kernel/traps.c
+@@ -241,43 +241,6 @@ void show_regs(struct pt_regs *regs)
+ show_last_breaking_event(regs);
+ }
+
+-/* This is called from fs/proc/array.c */
+-void task_show_regs(struct seq_file *m, struct task_struct *task)
+-{
+- struct pt_regs *regs;
+-
+- regs = task_pt_regs(task);
+- seq_printf(m, "task: %p, ksp: %p\n",
+- task, (void *)task->thread.ksp);
+- seq_printf(m, "User PSW : %p %p\n",
+- (void *) regs->psw.mask, (void *)regs->psw.addr);
+-
+- seq_printf(m, "User GPRS: " FOURLONG,
+- regs->gprs[0], regs->gprs[1],
+- regs->gprs[2], regs->gprs[3]);
+- seq_printf(m, " " FOURLONG,
+- regs->gprs[4], regs->gprs[5],
+- regs->gprs[6], regs->gprs[7]);
+- seq_printf(m, " " FOURLONG,
+- regs->gprs[8], regs->gprs[9],
+- regs->gprs[10], regs->gprs[11]);
+- seq_printf(m, " " FOURLONG,
+- regs->gprs[12], regs->gprs[13],
+- regs->gprs[14], regs->gprs[15]);
+- seq_printf(m, "User ACRS: %08x %08x %08x %08x\n",
+- task->thread.acrs[0], task->thread.acrs[1],
+- task->thread.acrs[2], task->thread.acrs[3]);
+- seq_printf(m, " %08x %08x %08x %08x\n",
+- task->thread.acrs[4], task->thread.acrs[5],
+- task->thread.acrs[6], task->thread.acrs[7]);
+- seq_printf(m, " %08x %08x %08x %08x\n",
+- task->thread.acrs[8], task->thread.acrs[9],
+- task->thread.acrs[10], task->thread.acrs[11]);
+- seq_printf(m, " %08x %08x %08x %08x\n",
+- task->thread.acrs[12], task->thread.acrs[13],
+- task->thread.acrs[14], task->thread.acrs[15]);
+-}
+-
+ static DEFINE_SPINLOCK(die_lock);
+
+ void die(const char * str, struct pt_regs * regs, long err)
+diff --git a/fs/proc/array.c b/fs/proc/array.c
+index 0b2a88c..9b94c69 100644
+--- a/fs/proc/array.c
++++ b/fs/proc/array.c
+@@ -325,9 +325,6 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
+ task_sig(m, task);
+ task_cap(m, task);
+ cpuset_task_status_allowed(m, task);
+-#if defined(CONFIG_S390)
+- task_show_regs(m, task);
+-#endif
+ task_context_switch_counts(m, task);
+ return 0;
+ }
+diff --git a/include/asm-s390/processor.h b/include/asm-s390/processor.h
+index a00f79d..048c0a3 100644
+--- a/include/asm-s390/processor.h
++++ b/include/asm-s390/processor.h
+@@ -167,11 +167,6 @@ extern int kernel_thread(int (*fn)(void *), void * arg, unsigned long flags);
+ */
+ extern unsigned long thread_saved_pc(struct task_struct *t);
+
+-/*
+- * Print register of task into buffer. Used in fs/proc/array.c.
+- */
+-extern void task_show_regs(struct seq_file *m, struct task_struct *task);
+-
+ extern void show_code(struct pt_regs *regs);
+
+ unsigned long get_wchan(struct task_struct *p);
Modified: dists/lenny-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch Mon Apr 4 00:15:43 2011 (r17188)
+++ dists/lenny-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch Mon Apr 4 00:39:36 2011 (r17189)
@@ -6871,14 +6871,14 @@
int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task)
{
-@@ -325,6 +374,7 @@ int proc_pid_status(struct seq_file *m,
+@@ -325,6 +374,7 @@
task_sig(m, task);
task_cap(m, task);
cpuset_task_status_allowed(m, task);
+ task_vs_id(m, task);
- #if defined(CONFIG_S390)
- task_show_regs(m, task);
- #endif
+ task_context_switch_counts(m, task);
+ return 0;
+ }
@@ -496,6 +546,17 @@ static int do_task_stat(struct seq_file
/* convert nsec -> ticks */
start_time = nsec_to_clock_t(start_time);
Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Mon Apr 4 00:15:43 2011 (r17188)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Mon Apr 4 00:39:36 2011 (r17189)
@@ -1,3 +1,4 @@
+ bugfix/all/net-clear-heap-allocations-for-privileged-ethtool-actions.patch
+ bugfix/all/xfs-prevent-leaking-uninitialized-stack-memory-in-FSGEOMETRY_V1.patch
+ bugfix/all/xfs-zero-proper-structure-size-for-geometry-calls.patch
++ bugfix/s390/remove-task_show_regs.patch
More information about the Kernel-svn-changes
mailing list