[kernel] r18066 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Fri Sep 9 15:22:32 UTC 2011
Author: dannf
Date: Fri Sep 9 15:22:30 2011
New Revision: 18066
Log:
Fix regression in /proc/<pid>/maps fixes for CVE-2011-1020
(Closes: #640966)
Added:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch
Modified:
dists/squeeze-security/linux-2.6/debian/changelog
dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze2
Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog Fri Sep 9 13:54:17 2011 (r18065)
+++ dists/squeeze-security/linux-2.6/debian/changelog Fri Sep 9 15:22:30 2011 (r18066)
@@ -1,6 +1,8 @@
-linux-2.6 (2.6.32-35squeeze2) UNRELEASED; urgency=low
+linux-2.6 (2.6.32-35squeeze2) UNRELEASED; urgency=high
* ipv6: make fragment identifications less predictable (CVE-2011-2699)
+ * Fix regression in /proc/<pid>/maps fixes for CVE-2011-1020
+ (Closes: #640966)
-- dann frazier <dannf at debian.org> Tue, 06 Sep 2011 15:58:45 -0600
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch Fri Sep 9 15:22:30 2011 (r18066)
@@ -0,0 +1,37 @@
+commit 76597cd31470fa130784c78fadb4dab2e624a723
+Author: Linus Torvalds <torvalds at linux-foundation.org>
+Date: Sun Mar 27 19:09:29 2011 -0700
+
+ proc: fix oops on invalid /proc/<pid>/maps access
+
+ When m_start returns an error, the seq_file logic will still call m_stop
+ with that error entry, so we'd better make sure that we check it before
+ using it as a vma.
+
+ Introduced by commit ec6fd8a4355c ("report errors in /proc/*/*map*
+ sanely"), which replaced NULL with various ERR_PTR() cases.
+
+ (On ia64, you happen to get a unaligned fault instead of a page fault,
+ since the address used is generally some random error code like -EPERM)
+
+ Reported-by: Anca Emanuel <anca.emanuel at gmail.com>
+ Reported-by: Tony Luck <tony.luck at intel.com>
+ Cc: Al Viro <viro at zeniv.linux.org.uk>
+ Cc: Américo Wang <xiyou.wangcong at gmail.com>
+ Cc: Stephen Wilson <wilsons at start.ca>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
+index 7c708a4..2e7addf 100644
+--- a/fs/proc/task_mmu.c
++++ b/fs/proc/task_mmu.c
+@@ -182,7 +182,8 @@ static void m_stop(struct seq_file *m, void *v)
+ struct proc_maps_private *priv = m->private;
+ struct vm_area_struct *vma = v;
+
+- vma_stop(priv, vma);
++ if (!IS_ERR(vma))
++ vma_stop(priv, vma);
+ if (priv->task)
+ put_task_struct(priv->task);
+ }
Modified: dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze2
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze2 Fri Sep 9 13:54:17 2011 (r18065)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze2 Fri Sep 9 15:22:30 2011 (r18066)
@@ -1,2 +1,3 @@
+ bugfix/all/inetpeer-optimize-inet_getid.patch
+ bugfix/all/ipv6-make-fragment-identifications-less-predictable.patch
++ bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch
More information about the Kernel-svn-changes
mailing list