[kernel] r22400 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/x86 patches/series

Ben Hutchings benh at moszumanska.debian.org
Tue Feb 17 22:48:24 UTC 2015


Author: benh
Date: Tue Feb 17 22:48:24 2015
New Revision: 22400

Log:
Drop fixes for x86 FPU state management and CVE-2014-9419

The FPU state fixes are apparently not important on 2.6.32 because
the bug affects use of AES-NI in an i386 kernel while in 2.6.32 AES-NI
is only used on x86_64 (amd64):
<http://article.gmane.org/gmane.linux.kernel/1257424/> 

CVE-2014-9419 depends on at least some of these changes, and it is not
obvious how to minimise them.  This issue allows a partial ASLR bypass
by local users, which does not seem serious enough to justify the risk
of the FPU state changes in itself:
<http://www.openwall.com/lists/oss-security/2014/12/25/1>

Deleted:
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0001-x86-fpu-move-most-of-__save_init_fpu-into-fpu_save_i.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0002-x86-64-fpu-disable-preemption-when-using-ts_usedfpu.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0003-x86-32-fpu-rewrite-fpu_save_init.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0004-x86-fpu-merge-fpu_save_init.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0005-x86-32-fpu-fix-fpu-exception-handling-on-non-sse-sys.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0006-i387-math_state_restore-isn-t-called-from-asm.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0007-i387-make-irq_fpu_usable-tests-more-robust.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0008-i387-fix-sense-of-sanity-check.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0009-i387-fix-x86-64-preemption-unsafe-user-stack-save-re.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0010-i387-move-ts_usedfpu-clearing-out-of-__save_init_fpu.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0011-i387-don-t-ever-touch-ts_usedfpu-directly-use-helper.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0012-i387-do-not-preload-fpu-state-at-task-switch-time.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0013-i387-move-amd-k7-k8-fpu-fxsave-fxrstor-workaround-fr.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0014-i387-move-ts_usedfpu-flag-from-thread_info-to-task_s.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/0015-i387-re-introduce-fpu-state-preloading-at-context-sw.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/x86-fpu-avoid-abi-change-for-addition-of-has_fpu-fla.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/x86_64-switch_to-load-tls-descriptors-before-switchi.patch
Modified:
   dists/squeeze-security/linux-2.6/debian/changelog
   dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze11

Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog	Tue Feb 17 05:25:56 2015	(r22399)
+++ dists/squeeze-security/linux-2.6/debian/changelog	Tue Feb 17 22:48:24 2015	(r22400)
@@ -13,25 +13,6 @@
     (CVE-2014-7822)
   * net: sctp: fix slab corruption from use after free on INIT collisions
     (CVE-2015-1421)
-  * [x86] Backport fixes to FPU/SSE state save and restore from Linux 3.3:
-    - fpu: Move most of __save_init_fpu() into fpu_save_init()
-    - [amd64] fpu: Disable preemption when using TS_USEDFPU
-    - [i386] fpu: Rewrite fpu_save_init()
-    - fpu: Merge fpu_save_init()
-    - [i386] fpu: Fix FPU exception handling on non-SSE systems
-    - i387: math_state_restore() isn't called from asm
-    - i387: make irq_fpu_usable() tests more robust
-    - i387: fix sense of sanity check
-    - i387: fix x86-64 preemption-unsafe user stack save/restore
-    - i387: move TS_USEDFPU clearing out of __save_init_fpu and into callers
-    - i387: don't ever touch TS_USEDFPU directly, use helper functions
-    - i387: do not preload FPU state at task switch time
-    - i387: move AMD K7/K8 fpu fxsave/fxrstor workaround from save to restore
-    - i387: move TS_USEDFPU flag from thread_info to task_struct
-    - i387: re-introduce FPU state preloading at context switch time
-  * Ignore ABI change for math_state_restore(), not used out-of-tree
-  * [amd64] switch_to(): Load TLS descriptors before switching DS and ES
-    (CVE-2014-9419)
   * ASLR: fix stack randomization on 64-bit systems (CVE-2015-1593)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Wed, 28 Jan 2015 22:33:05 +0000
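
Review bot: Removing the "(CVE-2014-9419)" entry leaves the changelog with no record that this CVE was considered and deliberately left unfixed; the reasoning exists only in the commit log. Consider adding a short changelog line under this version saying the switch_to() fix was not backported because it depends on the FPU state changes, so that anyone matching CVEs against the package changelog does not conclude the issue was overlooked. Separately, the "Ignore ABI change for math_state_restore()" line is dropped here, yet only the changelog and the series file are listed as modified; if an ABI ignore entry for that symbol was added elsewhere, it should be removed in the same commit.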

Modified: dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze11
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze11	Tue Feb 17 05:25:56 2015	(r22399)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze11	Tue Feb 17 22:48:24 2015	(r22400)
@@ -8,28 +8,4 @@
 + bugfix/all/splice-apply-generic-position-and-size-checks-to-eac.patch
 + bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-.patch
 
-# FPU/SSE fixes and refactoring needed to prepare for the next set
-+ bugfix/x86/0001-x86-fpu-move-most-of-__save_init_fpu-into-fpu_save_i.patch
-+ bugfix/x86/0002-x86-64-fpu-disable-preemption-when-using-ts_usedfpu.patch
-+ bugfix/x86/0003-x86-32-fpu-rewrite-fpu_save_init.patch
-+ bugfix/x86/0004-x86-fpu-merge-fpu_save_init.patch
-+ bugfix/x86/0005-x86-32-fpu-fix-fpu-exception-handling-on-non-sse-sys.patch
-
-# FPU/SSE fixes from Linux 3.3 fix possible data loss and are needed
-# before the following security fix
-+ bugfix/x86/0006-i387-math_state_restore-isn-t-called-from-asm.patch
-+ bugfix/x86/0007-i387-make-irq_fpu_usable-tests-more-robust.patch
-+ bugfix/x86/0008-i387-fix-sense-of-sanity-check.patch
-+ bugfix/x86/0009-i387-fix-x86-64-preemption-unsafe-user-stack-save-re.patch
-+ bugfix/x86/0010-i387-move-ts_usedfpu-clearing-out-of-__save_init_fpu.patch
-+ bugfix/x86/0011-i387-don-t-ever-touch-ts_usedfpu-directly-use-helper.patch
-+ bugfix/x86/0012-i387-do-not-preload-fpu-state-at-task-switch-time.patch
-+ bugfix/x86/0013-i387-move-amd-k7-k8-fpu-fxsave-fxrstor-workaround-fr.patch
-+ bugfix/x86/0014-i387-move-ts_usedfpu-flag-from-thread_info-to-task_s.patch
-+ bugfix/x86/0015-i387-re-introduce-fpu-state-preloading-at-context-sw.patch
-
-+ bugfix/x86/x86-fpu-avoid-abi-change-for-addition-of-has_fpu-fla.patch
-
-+ bugfix/x86/x86_64-switch_to-load-tls-descriptors-before-switchi.patch
-
 + bugfix/all/aslr-fix-stack-randomization-on-64-bit-systems.patch
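
Review bot: Check that bugfix/all/aslr-fix-stack-randomization-on-64-bit-systems.patch on the last line still applies cleanly now that it follows the sctp patch directly instead of sitting on top of the 17 removed x86 entries; a test application of the full series with no fuzz or offsets would confirm it. The removed comment also described the Linux 3.3 changes as fixing "possible data loss", so a one-line comment in the series file recording why they and the switch_to() patch were dropped would help prevent them being re-added piecemeal later.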


