Author: dannf
Date: Mon Nov 13 04:15:22 2006
New Revision: 7782

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ppc-alignment-exception-table-check.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
Log:
* ppc-alignment-exception-table-check.dpatch
  [SECURITY][ppc] Avoid potential DoS which can be triggered by some
  futex ops
  See CVE-2006-5649

Modified: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog   
    (original)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog   
    Mon Nov 13 04:15:22 2006
@@ -20,8 +20,12 @@
     [SECURITY] Fix local DoS attack vector (lockups, oopses) in the
     sequence handling for /proc/net/ip6_flowlabel
     See CVE-2006-5619
+  * ppc-alignment-exception-table-check.dpatch
+    [SECURITY][ppc] Avoid potential DoS which can be triggered by some
+    futex ops
+    See CVE-2006-5649
 
- -- dann frazier <[EMAIL PROTECTED]>  Sun, 12 Nov 2006 18:57:02 -0700
+ -- dann frazier <[EMAIL PROTECTED]>  Sun, 12 Nov 2006 20:13:06 -0700
 
 kernel-source-2.6.8 (2.6.8-16sarge5) stable-security; urgency=high
 

Added: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ppc-alignment-exception-table-check.dpatch
==============================================================================
--- (empty file)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ppc-alignment-exception-table-check.dpatch
      Mon Nov 13 04:15:22 2006
@@ -0,0 +1,56 @@
+From: Benjamin Herrenschmidt <[EMAIL PROTECTED]>
+Date: Wed, 1 Nov 2006 04:11:39 +0000 (+1100)
+Subject: [POWERPC] Make alignment exception always check exception table
+X-Git-Tag: v2.6.19-rc5
+X-Git-Url: 
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4393c4f6788cee65095dd838cfeca6edefbfeb52
+
+[POWERPC] Make alignment exception always check exception table
+
+The alignment exception used to only check the exception table for
+-EFAULT, not for other errors. That opens an oops window if we can
+coerce the kernel into getting an alignment exception for other reasons
+in what would normally be a user-protected accessor, which can be done
+via some of the futex ops. This fixes it by always checking the
+exception tables.
+
+Signed-off-by: Benjamin Herrenschmidt <[EMAIL PROTECTED]>
+Signed-off-by: Paul Mackerras <[EMAIL PROTECTED]>
+---
+
+Backported to Debian's 2.6.8 by dann frazier <[EMAIL PROTECTED]>
+
+diff -urpN kernel-source-2.6.8.orig/arch/ppc/kernel/traps.c 
kernel-source-2.6.8/arch/ppc/kernel/traps.c
+--- kernel-source-2.6.8.orig/arch/ppc/kernel/traps.c   2006-09-06 
19:09:25.000000000 -0600
++++ kernel-source-2.6.8/arch/ppc/kernel/traps.c        2006-11-12 
19:14:01.900614842 -0700
+@@ -553,7 +553,7 @@ void SingleStepException(struct pt_regs 
+ 
+ void AlignmentException(struct pt_regs *regs)
+ {
+-      int fixed;
++      int sig, code, fixed = 0;
+ 
+       fixed = fix_alignment(regs);
+       if (fixed == 1) {
+@@ -562,13 +562,16 @@ void AlignmentException(struct pt_regs *
+       }
+       if (fixed == -EFAULT) {
+               /* fixed == -EFAULT means the operand address was bad */
+-              if (user_mode(regs))
+-                      _exception(SIGSEGV, regs, SEGV_ACCERR, regs->dar);
+-              else
+-                      bad_page_fault(regs, regs->dar, SIGSEGV);
+-              return;
++              sig = SIGSEGV;
++              code = SEGV_ACCERR;
++      } else {
++              sig = SIGBUS;
++              code = BUS_ADRALN;
+       }
+-      _exception(SIGBUS, regs, BUS_ADRALN, regs->dar);
++      if (user_mode(regs))
++              _exception(sig, regs, code, regs->dar);
++      else
++              bad_page_fault(regs, regs->dar, sig);
+ }
+ 
+ void StackOverflow(struct pt_regs *regs)
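
Review bot: In the AlignmentException() hunk, the `= 0` in `int sig, code, fixed = 0;` is a dead initializer, because `fixed = fix_alignment(regs);` overwrites it unconditionally in the next statement. Dropping it keeps the compiler able to warn if a later edit reads `fixed` before it is assigned. The restructured tail also deserves a short comment above `if (user_mode(regs))` saying that kernel-mode alignment faults now reach bad_page_fault() for the SIGBUS case as well as for -EFAULT. That is the security-relevant behaviour the patch description calls "always checking the exception tables", and the code itself does not say so. The new `else` also covers every return value of fix_alignment() other than 1 and -EFAULT, so a one-line note on which values are expected there would help the next backporter. Finally, the backport touches only arch/ppc/kernel/traps.c; it would be worth stating in the dpatch header whether any other alignment handler in this tree was checked and found not to need the same change.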

Modified: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
==============================================================================
--- 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
   (original)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
   Mon Nov 13 04:15:22 2006
@@ -3,3 +3,4 @@
 + __block_prepare_write-recovery.dpatch
 + atm-clip-freed-skb-deref.dpatch
 + ip6_flowlabel-lockup.dpatch
++ ppc-alignment-exception-table-check.dpatch

_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
