[kernel] r19847 - in dists/squeeze-security/linux-2.6/debian/patches: bugfix/all features/all/openvz series
Dann Frazier
dannf at alioth.debian.org
Sun Feb 24 18:52:24 UTC 2013
Author: dannf
Date: Sun Feb 24 18:52:23 2013
New Revision: 19847
Log:
Use simpler CVE-2013-0871 fix from Ubuntu; adjust export in openvz patch to fix
build
Added:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-ptrace_resume-shouldnt-wake-up-TASK_TRACED-thread.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/wake_up_process-should-be-never-used-to-wakeup-a-TASK_STOPPED-TRACED-task.patch
Deleted:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-Add-why-to-ptrace_stop.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-Always-put-ptracee-into-appropriate-execution-state.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-Clean-transitions-between-TASK_STOPPED-and-TRACED.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-Kill-tracehook_notify_jctl.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-Make-do_signal_stop-use-ptrace_stop-if-the-task-is-being-ptraced.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-collapse-ptrace_untrace-into-__ptrace_unlink.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-ptrace_check_attach-should-not-do-STOPPED-TRACED.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-remove-silly-wait_trap-variable-from-ptrace-attach.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/signal-Fix-premature-completion-of-group-stop-when-interfered-by-ptrace.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/signal-Remove-superflous-try_to_freeze-loop-in-do_signal_stop.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/signal-Use-GROUP_STOP_PENDING-to-stop-once-for-a-single-group-stop.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/wake_up_process-should-be-never-used-to-wakeup-a-TASK_STOPPED-TRACED-tack.patch
Modified:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-ensure-arch_ptrace-ptrace_request-can-never-race-with-SIGKILL.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-introduce-signal_wake_up_state-and-ptrace_signal_wake_up.patch
dists/squeeze-security/linux-2.6/debian/patches/features/all/openvz/openvz.patch
dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze1
Modified: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-ensure-arch_ptrace-ptrace_request-can-never-race-with-SIGKILL.patch
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-ensure-arch_ptrace-ptrace_request-can-never-race-with-SIGKILL.patch Sun Feb 24 16:56:09 2013 (r19846)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-ensure-arch_ptrace-ptrace_request-can-never-race-with-SIGKILL.patch Sun Feb 24 18:52:23 2013 (r19847)
@@ -1,44 +1,60 @@
-commit 9899d11f654474d2d54ea52ceaa2a1f4db3abd68
-Author: Oleg Nesterov <oleg at redhat.com>
-Date: Mon Jan 21 20:48:00 2013 +0100
-
- ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
-
- putreg() assumes that the tracee is not running and pt_regs_access() can
- safely play with its stack. However a killed tracee can return from
- ptrace_stop() to the low-level asm code and do RESTORE_REST, this means
- that debugger can actually read/modify the kernel stack until the tracee
- does SAVE_REST again.
-
- set_task_blockstep() can race with SIGKILL too and in some sense this
- race is even worse, the very fact the tracee can be woken up breaks the
- logic.
-
- As Linus suggested we can clear TASK_WAKEKILL around the arch_ptrace()
- call, this ensures that nobody can ever wakeup the tracee while the
- debugger looks at it. Not only this fixes the mentioned problems, we
- can do some cleanups/simplifications in arch_ptrace() paths.
-
- Probably ptrace_unfreeze_traced() needs more callers, for example it
- makes sense to make the tracee killable for oom-killer before
- access_process_vm().
-
- While at it, add the comment into may_ptrace_stop() to explain why
- ptrace_stop() still can't rely on SIGKILL and signal_pending_state().
-
- Reported-by: Salman Qazi <sqazi at google.com>
- Reported-by: Suleiman Souhlal <suleiman at google.com>
- Suggested-by: Linus Torvalds <torvalds at linux-foundation.org>
- Signed-off-by: Oleg Nesterov <oleg at redhat.com>
- Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
- [dannf: backported to Debian's 2.6.32]
+From: Oleg Nesterov <oleg at redhat.com>
+Date: Tue, 19 Feb 2013 17:31:09 +0000 (+0000)
+Subject: ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
+X-Git-Tag: Ubuntu-2.6.32-45.104~2
+X-Git-Url: http://kernel.ubuntu.com/git?p=ubuntu%2Fubuntu-lucid.git;a=commitdiff_plain;h=9e74eb39ea55e31e7d54df94b4d3194053f8d0ed
+
+ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
+
+CVE-2013-0871
+
+BugLink: http://bugs.launchpad.net/bugs/1129192
+
+putreg() assumes that the tracee is not running and pt_regs_access() can
+safely play with its stack. However a killed tracee can return from
+ptrace_stop() to the low-level asm code and do RESTORE_REST, this means
+that debugger can actually read/modify the kernel stack until the tracee
+does SAVE_REST again.
+
+set_task_blockstep() can race with SIGKILL too and in some sense this
+race is even worse, the very fact the tracee can be woken up breaks the
+logic.
+
+As Linus suggested we can clear TASK_WAKEKILL around the arch_ptrace()
+call, this ensures that nobody can ever wakeup the tracee while the
+debugger looks at it. Not only this fixes the mentioned problems, we
+can do some cleanups/simplifications in arch_ptrace() paths.
+
+Probably ptrace_unfreeze_traced() needs more callers, for example it
+makes sense to make the tracee killable for oom-killer before
+access_process_vm().
+
+While at it, add the comment into may_ptrace_stop() to explain why
+ptrace_stop() still can't rely on SIGKILL and signal_pending_state().
+
+Reported-by: Salman Qazi <sqazi at google.com>
+Reported-by: Suleiman Souhlal <suleiman at google.com>
+Suggested-by: Linus Torvalds <torvalds at linux-foundation.org>
+Signed-off-by: Oleg Nesterov <oleg at redhat.com>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+(backported from commit 9899d11f654474d2d54ea52ceaa2a1f4db3abd68)
+
+Conflicts:
+ arch/x86/kernel/step.c
+ kernel/ptrace.c
+ kernel/signal.c
+
+Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
+Acked-by: Colin King <colin.king at canonical.com>
+Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
+---
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
-index d8bfe12..4873dce 100644
+index 37850f9..d0036f0 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -97,6 +97,41 @@ void __ptrace_unlink(struct task_struct *child)
- spin_unlock(&child->sighand->siglock);
+@@ -80,6 +80,36 @@ void __ptrace_unlink(struct task_struct *child)
+ ptrace_untrace(child);
}
+/* Ensure that nothing can wake it up, even SIGKILL */
@@ -46,11 +62,6 @@
+{
+ bool ret = false;
+
-+ /* Lockless, nobody but us can set this flag */
-+ /* JOBCTL_LISTENING not implemented in 2.6.32 -dannf */
-+ /* if (task->jobctl & JOBCTL_LISTENING)
-+ return ret; */
-+
+ spin_lock_irq(&task->sighand->siglock);
+ if (task_is_traced(task) && !__fatal_signal_pending(task)) {
+ task->state = __TASK_TRACED;
@@ -79,11 +90,12 @@
/*
* Check that we have indeed attached to the thing..
*/
-@@ -112,23 +147,29 @@ int ptrace_check_attach(struct task_struct *child, int kill)
+@@ -95,25 +125,29 @@ int ptrace_check_attach(struct task_struct *child, int kill)
* be changed by us so it's not changing right after this.
*/
read_lock(&tasklist_lock);
- if ((child->ptrace & PT_PTRACED) && child->parent == current) {
+- ret = 0;
+ if (child->ptrace && child->parent == current) {
+ WARN_ON(child->state == __TASK_TRACED);
/*
@@ -91,11 +103,13 @@
* does ptrace_unlink() before __exit_signal().
*/
- spin_lock_irq(&child->sighand->siglock);
-- WARN_ON_ONCE(task_is_stopped(child));
-- if (task_is_traced(child) || kill)
-+ if (kill || ptrace_freeze_traced(child))
- ret = 0;
+- if (task_is_stopped(child))
+- child->state = TASK_TRACED;
+- else if (!task_is_traced(child) && !kill)
+- ret = -ESRCH;
- spin_unlock_irq(&child->sighand->siglock);
++ if (kill || ptrace_freeze_traced(child))
++ ret = 0;
}
read_unlock(&tasklist_lock);
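Review bot: In ptrace_check_attach(), the removed branch that promoted a task_is_stopped(child) tracee to TASK_TRACED has no replacement in this hunk. The new test is `if (kill || ptrace_freeze_traced(child))`, and ptrace_freeze_traced() as added earlier in this patch only succeeds when task_is_traced(task) holds, so a tracee still sitting in TASK_STOPPED no longer gets ret = 0 unless kill is set. ptrace-ptrace_check_attach-should-not-do-STOPPED-TRACED.patch and the other STOPPED/TRACED transition backports are deleted in this same revision, so please confirm on 2.6.32 that a debugger attached to an already stopped process can still issue requests, and state the expected behaviour in the patch header. The explicit siglock around the test is also gone; that is safe only because ptrace_freeze_traced() takes siglock itself, which deserves a one-line comment at the call site.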
@@ -117,7 +131,7 @@
return ret;
}
-@@ -681,6 +722,8 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, long, addr, long, data)
+@@ -637,6 +671,8 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, long, addr, long, data)
goto out_put_task_struct;
ret = arch_ptrace(child, request, addr, data);
@@ -126,7 +140,7 @@
out_put_task_struct:
put_task_struct(child);
-@@ -796,8 +839,11 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
+@@ -752,8 +788,11 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
}
ret = ptrace_check_attach(child, request == PTRACE_KILL);
@@ -139,3 +153,18 @@
out_put_task_struct:
put_task_struct(child);
+diff --git a/kernel/signal.c b/kernel/signal.c
+index c982975..2bd8fab 100644
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -1524,6 +1524,10 @@ static inline int may_ptrace_stop(void)
+ * If SIGKILL was already sent before the caller unlocked
+ * ->siglock we must see ->core_state != NULL. Otherwise it
+ * is safe to enter schedule().
++ *
++ * This is almost outdated, a task with the pending SIGKILL can't
++ * block in TASK_TRACED. But PTRACE_EVENT_EXIT can be reported
++ * after SIGKILL was already dequeued.
+ */
+ if (unlikely(current->mm->core_state) &&
+ unlikely(current->mm == current->parent->mm))
Modified: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-introduce-signal_wake_up_state-and-ptrace_signal_wake_up.patch
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-introduce-signal_wake_up_state-and-ptrace_signal_wake_up.patch Sun Feb 24 16:56:09 2013 (r19846)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-introduce-signal_wake_up_state-and-ptrace_signal_wake_up.patch Sun Feb 24 18:52:23 2013 (r19847)
@@ -1,31 +1,46 @@
-commit 910ffdb18a6408e14febbb6e4b6840fd2c928c82
-Author: Oleg Nesterov <oleg at redhat.com>
-Date: Mon Jan 21 20:47:41 2013 +0100
-
- ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up()
-
- Cleanup and preparation for the next change.
-
- signal_wake_up(resume => true) is overused. None of ptrace/jctl callers
- actually want to wakeup a TASK_WAKEKILL task, but they can't specify the
- necessary mask.
-
- Turn signal_wake_up() into signal_wake_up_state(state), reintroduce
- signal_wake_up() as a trivial helper, and add ptrace_signal_wake_up()
- which adds __TASK_TRACED.
-
- This way ptrace_signal_wake_up() can work "inside" ptrace_request()
- even if the tracee doesn't have the TASK_WAKEKILL bit set.
-
- Signed-off-by: Oleg Nesterov <oleg at redhat.com>
- Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
- [dannf: backported to Debian's 2.6.32]
+From: Oleg Nesterov <oleg at redhat.com>
+Date: Tue, 19 Feb 2013 17:31:08 +0000 (+0000)
+Subject: ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up()
+X-Git-Tag: Ubuntu-2.6.32-45.104~3
+X-Git-Url: http://kernel.ubuntu.com/git?p=ubuntu%2Fubuntu-lucid.git;a=commitdiff_plain;h=2f7ba4b65a6aba4e4b2ee86c1e00767436433787
+
+ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up()
+
+CVE-2013-0871
+
+BugLink: http://bugs.launchpad.net/bugs/1129192
+
+Cleanup and preparation for the next change.
+
+signal_wake_up(resume => true) is overused. None of ptrace/jctl callers
+actually want to wakeup a TASK_WAKEKILL task, but they can't specify the
+necessary mask.
+
+Turn signal_wake_up() into signal_wake_up_state(state), reintroduce
+signal_wake_up() as a trivial helper, and add ptrace_signal_wake_up()
+which adds __TASK_TRACED.
+
+This way ptrace_signal_wake_up() can work "inside" ptrace_request()
+even if the tracee doesn't have the TASK_WAKEKILL bit set.
+
+Signed-off-by: Oleg Nesterov <oleg at redhat.com>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+(backported from commit 910ffdb18a6408e14febbb6e4b6840fd2c928c82)
+
+Conflicts:
+ kernel/ptrace.c
+ kernel/signal.c
+
+Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
+Acked-by: Colin King <colin.king at canonical.com>
+Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
+---
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index 0ed8f30..fdcafcc 100644
+index 297952b..2c3432c 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
-@@ -2525,7 +2525,16 @@ static inline void thread_group_cputime_free(struct signal_struct *sig)
+@@ -2462,7 +2462,16 @@ static inline void thread_group_cputime_free(struct signal_struct *sig)
extern void recalc_sigpending_and_wake(struct task_struct *t);
extern void recalc_sigpending(void);
@@ -44,32 +59,23 @@
/*
* Wrappers for p->thread_info->cpu access. No-op on UP.
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
-index 319dd93..daada48 100644
+index d8184b5..37850f9 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -92,7 +92,7 @@ void __ptrace_unlink(struct task_struct *child)
- * TASK_KILLABLE sleeps.
- */
- if (child->group_stop & GROUP_STOP_PENDING || task_is_traced(child))
-- signal_wake_up(child, task_is_traced(child));
-+ ptrace_signal_wake_up(child, true);
-
+@@ -56,7 +56,7 @@ static void ptrace_untrace(struct task_struct *child)
+ child->signal->group_stop_count)
+ __set_task_state(child, TASK_STOPPED);
+ else
+- signal_wake_up(child, 1);
++ ptrace_signal_wake_up(child, true);
+ }
spin_unlock(&child->sighand->siglock);
}
-@@ -243,7 +243,7 @@ int ptrace_attach(struct task_struct *task)
- */
- if (task_is_stopped(task)) {
- task->group_stop |= GROUP_STOP_PENDING | GROUP_STOP_TRAPPING;
-- signal_wake_up(task, 1);
-+ signal_wake_up_state(task, __TASK_STOPPED);
- }
-
- spin_unlock(&task->sighand->siglock);
diff --git a/kernel/signal.c b/kernel/signal.c
-index ea848c4..15da80d 100644
+index 2494827..c982975 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
-@@ -581,23 +581,17 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
+@@ -513,23 +513,17 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
* No need to set need_resched since signal event passing
* goes through ->blocked
*/
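Review bot: The ptrace_attach() conversion to `signal_wake_up_state(task, __TASK_STOPPED)` is dropped from the kernel/ptrace.c part of this patch, leaving ptrace_untrace() as the only converted call site. The header still says that none of the ptrace/jctl callers want to wake a TASK_WAKEKILL task, so please confirm that no `signal_wake_up(..., 1)` call remains in the 2.6.32 ptrace and job-control paths once the GROUP_STOP_* backports are removed, or list in the header which callers were checked.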
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-ptrace_resume-shouldnt-wake-up-TASK_TRACED-thread.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/ptrace-ptrace_resume-shouldnt-wake-up-TASK_TRACED-thread.patch Sun Feb 24 18:52:23 2013 (r19847)
@@ -0,0 +1,82 @@
+From: Oleg Nesterov <oleg at redhat.com>
+Date: Tue, 19 Feb 2013 17:31:07 +0000 (+0000)
+Subject: ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread
+X-Git-Tag: Ubuntu-2.6.32-45.104~4
+X-Git-Url: http://kernel.ubuntu.com/git?p=ubuntu%2Fubuntu-lucid.git;a=commitdiff_plain;h=e8f03a3cf583ab623e0414dee2b3e63aef77fe8d
+
+ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread
+
+CVE-2013-0871
+
+BugLink: http://bugs.launchpad.net/bugs/1129192
+
+It is not clear why ptrace_resume() does wake_up_process(). Unless the
+caller is PTRACE_KILL the tracee should be TASK_TRACED so we can use
+wake_up_state(__TASK_TRACED). If sys_ptrace() races with SIGKILL we do
+not need the extra and potentionally spurious wakeup.
+
+If the caller is PTRACE_KILL, wake_up_process() is even more wrong.
+The tracee can sleep in any state in any place, and if we have a buggy
+code which doesn't handle a spurious wakeup correctly PTRACE_KILL can
+be used to exploit it. For example:
+
+ int main(void)
+ {
+ int child, status;
+
+ child = fork();
+ if (!child) {
+ int ret;
+
+ assert(ptrace(PTRACE_TRACEME, 0,0,0) == 0);
+
+ ret = pause();
+ printf("pause: %d %m\n", ret);
+
+ return 0x23;
+ }
+
+ sleep(1);
+ assert(ptrace(PTRACE_KILL, child, 0,0) == 0);
+
+ assert(child == wait(&status));
+ printf("wait: %x\n", status);
+
+ return 0;
+ }
+
+prints "pause: -1 Unknown error 514", -ERESTARTNOHAND leaks to the
+userland. In this case sys_pause() is buggy as well and should be
+fixed.
+
+I do not know what was the original rationality behind PTRACE_KILL.
+The man page is simply wrong and afaics it was always wrong. Imho
+it should be deprecated, or may be it should do send_sig(SIGKILL)
+as Denys suggests, but in any case I do not think that the current
+behaviour was intentional.
+
+Note: there is another problem, ptrace_resume() changes ->exit_code
+and this can race with SIGKILL too. Eventually we should change ptrace
+to not use ->exit_code.
+
+Signed-off-by: Oleg Nesterov <oleg at redhat.com>
+(cherry picked from commit 0666fb51b1483f27506e212cc7f7b2645b5c7acc)
+
+Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
+Acked-by: Colin King <colin.king at canonical.com>
+Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
+---
+
+diff --git a/kernel/ptrace.c b/kernel/ptrace.c
+index 05625f6..d8184b5 100644
+--- a/kernel/ptrace.c
++++ b/kernel/ptrace.c
+@@ -506,7 +506,7 @@ static int ptrace_resume(struct task_struct *child, long request, long data)
+ }
+
+ child->exit_code = data;
+- wake_up_process(child);
++ wake_up_state(child, __TASK_TRACED);
+
+ return 0;
+ }
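Review bot: `child->exit_code = data;` directly above the changed line is still written regardless of the tracee's state, and the header itself notes that this can race with SIGKILL, so this patch narrows the wakeup but leaves that race in place. With `wake_up_state(child, __TASK_TRACED)`, a PTRACE_KILL against a tracee that is not in TASK_TRACED now returns 0 without waking anything; a short comment at this call saying that this is intended would keep the next reader from treating it as a lost wakeup.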
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/wake_up_process-should-be-never-used-to-wakeup-a-TASK_STOPPED-TRACED-task.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/wake_up_process-should-be-never-used-to-wakeup-a-TASK_STOPPED-TRACED-task.patch Sun Feb 24 18:52:23 2013 (r19847)
@@ -0,0 +1,43 @@
+From: Oleg Nesterov <oleg at redhat.com>
+Date: Tue, 19 Feb 2013 17:31:10 +0000 (+0000)
+Subject: wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED task
+X-Git-Tag: Ubuntu-2.6.32-45.104~1
+X-Git-Url: http://kernel.ubuntu.com/git?p=ubuntu%2Fubuntu-lucid.git;a=commitdiff_plain;h=759c74c9e978886df4257517d55346e453b44fd8
+
+wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED task
+
+CVE-2013-0871
+
+BugLink: http://bugs.launchpad.net/bugs/1129192
+
+wake_up_process() should never wakeup a TASK_STOPPED/TRACED task.
+Change it to use TASK_NORMAL and add the WARN_ON().
+
+TASK_ALL has no other users, probably can be killed.
+
+Signed-off-by: Oleg Nesterov <oleg at redhat.com>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+(backported from commit 9067ac85d533651b98c2ff903182a20cbb361fcb)
+
+Conflicts:
+ kernel/sched/core.c
+
+Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
+Acked-by: Colin King <colin.king at canonical.com>
+Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
+---
+
+diff --git a/kernel/sched.c b/kernel/sched.c
+index 90c998f..22289ea 100644
+--- a/kernel/sched.c
++++ b/kernel/sched.c
+@@ -2618,7 +2618,8 @@ out:
+ */
+ int wake_up_process(struct task_struct *p)
+ {
+- return try_to_wake_up(p, TASK_ALL, 0);
++ WARN_ON(task_is_stopped_or_traced(p));
++ return try_to_wake_up(p, TASK_NORMAL, 0);
+ }
+ EXPORT_SYMBOL(wake_up_process);
+
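Review bot: `WARN_ON(task_is_stopped_or_traced(p))` fires on every call rather than once, and the switch from TASK_ALL to TASK_NORMAL means any remaining caller that relied on wake_up_process() to resume a stopped or traced task now gets a backtrace and no wakeup. This series converts ptrace_resume() and ptrace_untrace(), but the tree also carries openvz.patch, so the wake_up_process() callers added there should be audited before release; WARN_ON_ONCE would limit log noise if one is missed. The Conflicts line names kernel/sched/core.c while the diff is against kernel/sched.c, which is worth a word in the header.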
Modified: dists/squeeze-security/linux-2.6/debian/patches/features/all/openvz/openvz.patch
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/features/all/openvz/openvz.patch Sun Feb 24 16:56:09 2013 (r19846)
+++ dists/squeeze-security/linux-2.6/debian/patches/features/all/openvz/openvz.patch Sun Feb 24 18:52:23 2013 (r19847)
@@ -6547,8 +6547,8 @@
and kernel/fork.c following addition of signalfd_cleanup() in 2.6.32.60]
[bwh: Fix content for changes to do_tcp_sendpages() after 2.6.32.60]
[bwh: Fix context for changes to struct file after 2.6.32.60]
-[dannf: Fix context for kernel/signal.c changes following backports to fix
- CVE-2013-0871)]
+[dannf: export signal_wake_up_state instead of signal_wake_up to deal with
+ wrapper introduction in 910ffdb18a6408e14febbb6e4b6840fd2c928c82]
diff --git a/COPYING.Parallels b/COPYING.Parallels
new file mode 100644
@@ -72479,14 +72479,14 @@
static void __user *sig_handler(struct task_struct *t, int sig)
{
-@@ -118,7 +137,7 @@ static inline int has_pending_signals(si
+@@ -118,7 +137,7 @@ static inline int has_pending_signals(sigset_t *signal, sigset_t *blocked)
#define PENDING(p,b) has_pending_signals(&(p)->signal, (b))
-static int recalc_sigpending_tsk(struct task_struct *t)
+int recalc_sigpending_tsk(struct task_struct *t)
{
- if ((t->group_stop & GROUP_STOP_PENDING) ||
+ if (t->signal->group_stop_count > 0 ||
PENDING(&t->pending, &t->blocked) ||
@@ -143,6 +162,7 @@ void recalc_sigpending_and_wake(struct task_struct *t)
if (recalc_sigpending_tsk(t))
@@ -72539,11 +72539,11 @@
if (sig) {
if (current->notifier) {
-@@ -532,6 +569,7 @@ void signal_wake_up(struct task_struct *t, int resume)
+@@ -532,6 +569,7 @@ void signal_wake_up_state(struct task_struct *t, int resume)
if (!wake_up_state(t, mask))
kick_process(t);
}
-+EXPORT_SYMBOL_GPL(signal_wake_up);
++EXPORT_SYMBOL_GPL(signal_wake_up_state);
/*
* Remove signals in mask from the pending set and queue.
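Review bot: The rewritten hunk header reads `void signal_wake_up_state(struct task_struct *t, int resume)`, but the patch that introduces the function describes it as signal_wake_up_state(state), taking a state mask rather than a resume flag. patch ignores the text after `@@`, so the build is unaffected, but the header should match the real prototype so that it does not mislead whoever next refreshes openvz.patch. The export change itself follows from signal_wake_up() becoming a wrapper; the changelog entry would be more useful if it named the OpenVZ code that needs the symbol.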
@@ -72608,16 +72608,16 @@
info.si_signo = sig;
info.si_errno = 0;
/*
-@@ -1805,7 +1852,9 @@ retry:
- }
+@@ -1722,7 +1769,9 @@ static int do_signal_stop(int signr)
- /* Now we don't run again until woken by SIGCONT or SIGKILL */
+ /* Now we don't run again until woken by SIGCONT or SIGKILL */
+ do {
+ set_stop_state(current);
schedule();
+ clear_stop_state(current);
+ } while (try_to_freeze());
- spin_lock_irq(¤t->sighand->siglock);
- } else {
+ tracehook_finish_jctl();
@@ -1784,8 +1833,6 @@ relock:
* Now that we woke up, it's crucial if we're supposed to be
* frozen that we freeze now before running anything substantial.
Modified: dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze1 Sun Feb 24 16:56:09 2013 (r19846)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze1 Sun Feb 24 18:52:23 2013 (r19847)
@@ -1,14 +1,4 @@
-+ bugfix/all/ptrace-collapse-ptrace_untrace-into-__ptrace_unlink.patch
-+ bugfix/all/ptrace-Kill-tracehook_notify_jctl.patch
-+ bugfix/all/signal-Fix-premature-completion-of-group-stop-when-interfered-by-ptrace.patch
-+ bugfix/all/signal-Use-GROUP_STOP_PENDING-to-stop-once-for-a-single-group-stop.patch
-+ bugfix/all/ptrace-Add-why-to-ptrace_stop.patch
-+ bugfix/all/signal-Remove-superflous-try_to_freeze-loop-in-do_signal_stop.patch
-+ bugfix/all/ptrace-Make-do_signal_stop-use-ptrace_stop-if-the-task-is-being-ptraced.patch
-+ bugfix/all/ptrace-Clean-transitions-between-TASK_STOPPED-and-TRACED.patch
-+ bugfix/all/ptrace-Always-put-ptracee-into-appropriate-execution-state.patch
-+ bugfix/all/ptrace-remove-silly-wait_trap-variable-from-ptrace-attach.patch
++ bugfix/all/ptrace-ptrace_resume-shouldnt-wake-up-TASK_TRACED-thread.patch
+ bugfix/all/ptrace-introduce-signal_wake_up_state-and-ptrace_signal_wake_up.patch
-+ bugfix/all/ptrace-ptrace_check_attach-should-not-do-STOPPED-TRACED.patch
+ bugfix/all/ptrace-ensure-arch_ptrace-ptrace_request-can-never-race-with-SIGKILL.patch
-+ bugfix/all/wake_up_process-should-be-never-used-to-wakeup-a-TASK_STOPPED-TRACED-tack.patch
++ bugfix/all/wake_up_process-should-be-never-used-to-wakeup-a-TASK_STOPPED-TRACED-task.patch