Author: maks-guest
Date: Sun Nov 5 20:32:09 2006
New Revision: 7696

Added:
   dists/trunk/linux-2.6/debian/patches/bugfix/s390-copy_from_user_padding_take2.patch
   dists/trunk/linux-2.6/debian/patches/series/5
Modified:
   dists/trunk/linux-2.6/debian/changelog
Log:
rerevert s390 2.6.18.1 revert, add upstream fix2 for the copy_from_user mem padding

Modified: dists/trunk/linux-2.6/debian/changelog ============================================================================== --- dists/trunk/linux-2.6/debian/changelog (original) +++ dists/trunk/linux-2.6/debian/changelog Sun Nov 5 20:32:09 2006 @@ -1,3 +1,12 @@ +linux-2.6 (2.6.18-5) UNRELEASE; urgency=low + + * [s390] readd the fix for ""S390: user readable uninitialised kernel memory + (CVE-2006-5174)" + * [s390] temorarly add patch queued for 2.6.18.3 fixing 32 bit opcodes and + instructions. + + -- maximilian attems <[EMAIL PROTECTED]> Sun, 5 Nov 2006 20:26:11 +0100 + linux-2.6 (2.6.18-4) unstable; urgency=low [ Norbert Tretkowski ] Added: dists/trunk/linux-2.6/debian/patches/bugfix/s390-copy_from_user_padding_take2.patch ============================================================================== --- (empty file) +++ dists/trunk/linux-2.6/debian/patches/bugfix/s390-copy_from_user_padding_take2.patch Sun Nov 5 20:32:09 2006 
@@ -0,0 +1,70 @@ +From [EMAIL PROTECTED] Sun Nov 5 20:18:14 2006 +From: Chris Wright <[EMAIL PROTECTED]> +To: maximilian attems <[EMAIL PROTECTED]> +Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], + [email protected], [EMAIL PROTECTED] +Subject: Re: [stable] s390 2.6.18.2 debian build failure + +* maximilian attems ([EMAIL PROTECTED]) wrote: +> as a future datapoint the problematic patch is from 2.6.18.1: +> [S390] user readable uninitialised kernel memory. + +This should fix that up, and is queued for next -stable. + +thanks, +-chris +-- +From: Martin Schwidefsky <[EMAIL PROTECTED]> + +[S390] user readable uninitialised kernel memory, take 2. + +The previous patch to correct the copy_from_user padding is quite +broken. The execute instruction needs to be done via the register %r4, +not via %r2 and 31 bit doesn't know the instructions lgr and ahji. + +Signed-off-by: Martin Schwidefsky <[EMAIL PROTECTED]> + + +Signed-off-by: Martin Schwidefsky <[EMAIL PROTECTED]> +--- + arch/s390/lib/uaccess.S | 10 +++++----- + arch/s390/lib/uaccess64.S | 2 +- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff -urpN linux-2.6.18.1/arch/s390/lib/uaccess64.S linux-2.6.18.1-s390/arch/s390/lib/uaccess64.S +--- linux-2.6.18.1/arch/s390/lib/uaccess64.S 2006-10-14 05:34:03.000000000 +0200 ++++ linux-2.6.18.1-s390/arch/s390/lib/uaccess64.S 2006-10-17 13:21:20.000000000 +0200 +@@ -49,7 +49,7 @@ __copy_from_user_asm: + la %r2,256(%r2) + 8: aghi %r5,-256 + jnm 7b +- ex %r5,0(%r2) ++ ex %r5,0(%r4) + 9: lgr %r2,%r3 + br %r14 + .section __ex_table,"a" +diff -urpN linux-2.6.18.1/arch/s390/lib/uaccess.S linux-2.6.18.1-s390/arch/s390/lib/uaccess.S +--- linux-2.6.18.1/arch/s390/lib/uaccess.S 2006-10-14 05:34:03.000000000 +0200 ++++ linux-2.6.18.1-s390/arch/s390/lib/uaccess.S 2006-10-17 13:21:06.000000000 +0200 +@@ -41,15 +41,15 @@ __copy_from_user_asm: + 5: mvcp 0(%r5,%r2),0(%r4),%r0 + slr %r3,%r5 + alr %r2,%r5 +-6: lgr %r5,%r3 # copy remaining size ++6: lr %r5,%r3 # copy remaining size + ahi 
%r5,-1 # subtract 1 for xc loop + bras %r4,8f +- xc 0(1,%2),0(%2) +-7: xc 0(256,%2),0(%2) ++ xc 0(1,%r2),0(%r2) ++7: xc 0(256,%r2),0(%r2) + la %r2,256(%r2) +-8: ahji %r5,-256 ++8: ahi %r5,-256 + jnm 7b +- ex %r5,0(%r2) ++ ex %r5,0(%r4) + 9: lr %r2,%r3 + br %r14 + .section __ex_table,"a" + Added: dists/trunk/linux-2.6/debian/patches/series/5 ============================================================================== --- (empty file) +++ dists/trunk/linux-2.6/debian/patches/series/5 Sun Nov 5 20:32:09 2006 @@ -0,0 +1,2 @@ +- bugfix/s390-ftbfs-2.6.18.1.patch ++ bugfix/s390-copy_from_user_padding_take2.patch _______________________________________________ Kernel-svn-changes mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
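Review bot: In the debian/changelog hunk the distribution field of the new entry reads 'UNRELEASE' where the usual placeholder is 'UNRELEASED', so it should be corrected before the entry is finalised. The first bullet also opens with a doubled quote (""S390: ...) and the second bullet has 'temorarly' for 'temporarily'. The second bullet describes the fix as being for '32 bit opcodes and instructions', yet the patch also changes uaccess64.S, so the wording should cover both files.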
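Review bot: The header of the added s390-copy_from_user_padding_take2.patch still contains the mail envelope (From/To/Cc/Subject lines and the quoted reply from the stable thread), and the Signed-off-by line from Martin Schwidefsky appears twice. Suggest trimming the file to the upstream description with a single sign-off, plus one line saying where the patch came from. The changelog says it is queued for 2.6.18.3, so that it is clear when the file can be dropped from the series.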
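Review bot: In the uaccess.S hunk (and the matching one-line change in uaccess64.S) nothing documents why 'ex %r5,0(%r4)' targets %r4, which is exactly the detail the first attempt got wrong. 'bras %r4,8f' leaves the address of the following 'xc 0(1,%r2),0(%r2)' template in %r4, while %r2 is the destination pointer that 'la %r2,256(%r2)' keeps advancing, so executing via %r2 would run the buffer contents instead of the template. A comment on the bras line such as '# %r4 = address of xc template for ex' would make this visible. It is also worth stating the precondition at label 6: if %r3 were 0 there, %r5 becomes -1 after 'ahi %r5,-1' and -257 after 'ahi %r5,-256', the loop is skipped, and the low byte 0xff gives the executed xc a length of 256 bytes, so the code relies on the remaining size being non-zero when it reaches this path.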
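Review bot: In the series/5 hunk the '-' entry drops bugfix/s390-ftbfs-2.6.18.1.patch, but neither the changelog nor the commit log names that file; the changelog only says the CVE-2006-5174 fix is being readded. Suggest naming both patch files in the changelog bullets (the one removed and bugfix/s390-copy_from_user_padding_take2.patch being added) so the mapping between the series file and the changelog is explicit, and confirming that the take2 patch applies on top of the restored 2.6.18.1 change, since its hunks are diffed against linux-2.6.18.1.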

