[kernel] r18066 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Fri Sep 9 15:22:32 UTC 2011


Author: dannf
Date: Fri Sep  9 15:22:30 2011
New Revision: 18066

Log:
Fix regression in /proc/<pid>/maps fixes for CVE-2011-1020
(Closes: #640966)

Added:
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch
Modified:
   dists/squeeze-security/linux-2.6/debian/changelog
   dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze2

Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog	Fri Sep  9 13:54:17 2011	(r18065)
+++ dists/squeeze-security/linux-2.6/debian/changelog	Fri Sep  9 15:22:30 2011	(r18066)
@@ -1,6 +1,8 @@
-linux-2.6 (2.6.32-35squeeze2) UNRELEASED; urgency=low
+linux-2.6 (2.6.32-35squeeze2) UNRELEASED; urgency=high
 
   * ipv6: make fragment identifications less predictable (CVE-2011-2699)
+  * Fix regression in /proc/<pid>/maps fixes for CVE-2011-1020
+    (Closes: #640966)
 
  -- dann frazier <dannf at debian.org>  Tue, 06 Sep 2011 15:58:45 -0600
 

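Review bot: the new changelog entry under 2.6.32-35squeeze2 raises urgency from low to high but says only "Fix regression in /proc/<pid>/maps fixes for CVE-2011-1020", with no symptom. Suggest stating that the regression is an oops on invalid /proc/<pid>/maps access, as the patch title does, so a reader can tell what justifies the urgency bump and can match the entry to proc-fix-oops-on-invalid-proc-pid-maps-access.patch.
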
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch	Fri Sep  9 15:22:30 2011	(r18066)
@@ -0,0 +1,37 @@
+commit 76597cd31470fa130784c78fadb4dab2e624a723
+Author: Linus Torvalds <torvalds at linux-foundation.org>
+Date:   Sun Mar 27 19:09:29 2011 -0700
+
+    proc: fix oops on invalid /proc/<pid>/maps access
+    
+    When m_start returns an error, the seq_file logic will still call m_stop
+    with that error entry, so we'd better make sure that we check it before
+    using it as a vma.
+    
+    Introduced by commit ec6fd8a4355c ("report errors in /proc/*/*map*
+    sanely"), which replaced NULL with various ERR_PTR() cases.
+    
+    (On ia64, you happen to get a unaligned fault instead of a page fault,
+    since the address used is generally some random error code like -EPERM)
+    
+    Reported-by: Anca Emanuel <anca.emanuel at gmail.com>
+    Reported-by: Tony Luck <tony.luck at intel.com>
+    Cc: Al Viro <viro at zeniv.linux.org.uk>
+    Cc: Américo Wang <xiyou.wangcong at gmail.com>
+    Cc: Stephen Wilson <wilsons at start.ca>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
+index 7c708a4..2e7addf 100644
+--- a/fs/proc/task_mmu.c
++++ b/fs/proc/task_mmu.c
+@@ -182,7 +182,8 @@ static void m_stop(struct seq_file *m, void *v)
+ 	struct proc_maps_private *priv = m->private;
+ 	struct vm_area_struct *vma = v;
+ 
+-	vma_stop(priv, vma);
++	if (!IS_ERR(vma))
++		vma_stop(priv, vma);
+ 	if (priv->task)
+ 		put_task_struct(priv->task);
+ }
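
Review bot: the new guard in m_stop, `if (!IS_ERR(vma))`, filters only ERR_PTR values, so a NULL v still reaches vma_stop(priv, vma). The commit message says m_start returned NULL before ec6fd8a4355c, which suggests vma_stop already tolerates NULL, but that function is not in this hunk; confirm it against the 2.6.32 tree this patch is applied to, and add an explicit NULL test if it does not. Since put_task_struct(priv->task) stays outside the guard, also confirm that every error return from m_start leaves priv->task either NULL or holding a reference.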

Modified: dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze2
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze2	Fri Sep  9 13:54:17 2011	(r18065)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze2	Fri Sep  9 15:22:30 2011	(r18066)
@@ -1,2 +1,3 @@
 + bugfix/all/inetpeer-optimize-inet_getid.patch
 + bugfix/all/ipv6-make-fragment-identifications-less-predictable.patch
++ bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch
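
Review bot: the entry added at the end of 35squeeze2 applies a patch whose index line and hunk header (@@ -182,7 +182,8 @@) come from the upstream fs/proc/task_mmu.c, and the earlier /proc/<pid>/maps changes it corrects are not listed in this series file. Confirm that those changes are applied by an earlier series file and that the hunk applies to the 2.6.32 tree without fuzz or an offset masking a context mismatch.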


