[kernel] r18071 - in dists/squeeze/linux-2.6: . debian debian/patches/bugfix/all debian/patches/series
Ben Hutchings
benh at alioth.debian.org
Sat Sep 10 00:50:40 UTC 2011
Author: benh
Date: Sat Sep 10 00:50:38 2011
New Revision: 18071
Log:
Merge squeeze-security branch up to 2.6.32-35squeeze2
Added:
dists/squeeze/linux-2.6/debian/patches/bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch
- copied unchanged from r18070, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch
dists/squeeze/linux-2.6/debian/patches/series/35squeeze2
Modified:
dists/squeeze/linux-2.6/ (props changed)
dists/squeeze/linux-2.6/debian/changelog
Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog Fri Sep 9 19:26:02 2011 (r18070)
+++ dists/squeeze/linux-2.6/debian/changelog Sat Sep 10 00:50:38 2011 (r18071)
@@ -94,6 +94,13 @@
-- maximilian attems <maks at debian.org> Sat, 25 Jun 2011 10:22:27 +0200
+linux-2.6 (2.6.32-35squeeze2) stable-security; urgency=high
+
+ * Fix regression in /proc/<pid>/maps fixes for CVE-2011-1020
+ (Closes: #640966)
+
+ -- dann frazier <dannf at debian.org> Fri, 09 Sep 2011 10:09:39 -0600
+
linux-2.6 (2.6.32-35squeeze1) stable-security; urgency=high
[ dann frazier ]
Copied: dists/squeeze/linux-2.6/debian/patches/bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch (from r18070, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch Sat Sep 10 00:50:38 2011 (r18071, copy of r18070, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch)
@@ -0,0 +1,37 @@
+commit 76597cd31470fa130784c78fadb4dab2e624a723
+Author: Linus Torvalds <torvalds at linux-foundation.org>
+Date: Sun Mar 27 19:09:29 2011 -0700
+
+ proc: fix oops on invalid /proc/<pid>/maps access
+
+ When m_start returns an error, the seq_file logic will still call m_stop
+ with that error entry, so we'd better make sure that we check it before
+ using it as a vma.
+
+ Introduced by commit ec6fd8a4355c ("report errors in /proc/*/*map*
+ sanely"), which replaced NULL with various ERR_PTR() cases.
+
+ (On ia64, you happen to get a unaligned fault instead of a page fault,
+ since the address used is generally some random error code like -EPERM)
+
+ Reported-by: Anca Emanuel <anca.emanuel at gmail.com>
+ Reported-by: Tony Luck <tony.luck at intel.com>
+ Cc: Al Viro <viro at zeniv.linux.org.uk>
+ Cc: Américo Wang <xiyou.wangcong at gmail.com>
+ Cc: Stephen Wilson <wilsons at start.ca>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
+index 7c708a4..2e7addf 100644
+--- a/fs/proc/task_mmu.c
++++ b/fs/proc/task_mmu.c
+@@ -182,7 +182,8 @@ static void m_stop(struct seq_file *m, void *v)
+ struct proc_maps_private *priv = m->private;
+ struct vm_area_struct *vma = v;
+
+- vma_stop(priv, vma);
++ if (!IS_ERR(vma))
++ vma_stop(priv, vma);
+ if (priv->task)
+ put_task_struct(priv->task);
+ }
Added: dists/squeeze/linux-2.6/debian/patches/series/35squeeze2
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/series/35squeeze2 Sat Sep 10 00:50:38 2011 (r18071)
@@ -0,0 +1 @@
++ bugfix/all/proc-fix-oops-on-invalid-proc-pid-maps-access.patch
More information about the Kernel-svn-changes
mailing list