nuke amd64-insert_vm_struct-leak.patch, it was already added in 2.6.12.4.
svn path=/dists/sid/linux-2.6/; revision=4128
This commit is contained in:
parent
2e1747ab4b
commit
1046a20511
|
@ -24,8 +24,6 @@ linux-2.6 (2.6.12-6) UNRELEASED; urgency=low
|
|||
- [SECURITY] fix a memory leak in devices seq_file implementation;
|
||||
local DoS.
|
||||
- [SECURITY] Fix SKB leak in ip6_input_finish(); local DoS.
|
||||
* [SECURITY: CAN-2005-2617] amd64-insert_vm_struct-leak.patch
|
||||
TASK_SIZE fixes for compatibility mode processes.
|
||||
|
||||
-- Simon Horman <horms@debian.org> Thu, 1 Sep 2005 17:02:35 +0900
|
||||
|
||||
|
@ -144,7 +142,7 @@ linux-2.6 (2.6.12-2) unstable; urgency=low
|
|||
- Fix potential memory corruption in NAT code (aka memory NAT)
|
||||
- Fix deadlock in ip6_queue
|
||||
- Fix signedness issues in net/core/filter.c
|
||||
- x86_64 memleak from malicious 32bit elf program
|
||||
- x86_64 memleak from malicious 32bit elf program (CAN-2005-2617)
|
||||
- rocket.c: Fix ldisc ref count handling
|
||||
- kbuild: build TAGS problem with O=
|
||||
|
||||
|
|
|
@ -1,42 +0,0 @@
|
|||
From: Siddha, Suresh B <suresh.b.siddha@intel.com>
|
||||
Date: Sat, 16 Jul 2005 02:17:44 +0000 (-0700)
|
||||
Subject: [PATCH] x86_64: TASK_SIZE fixes for compatibility mode processes
|
||||
X-Git-Tag: v2.6.13-rc4
|
||||
X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9fb1759a3102c26cd8f64254a7c3e532782c2bb8
|
||||
|
||||
[PATCH] x86_64: TASK_SIZE fixes for compatibility mode processes
|
||||
|
||||
A malicious 32bit app can have an elf section at 0xffffe000. During
|
||||
exec of this app, we will have a memory leak as insert_vm_struct() is
|
||||
not checking for return value in syscall32_setup_pages() and thus not
|
||||
freeing the vma allocated for the vsyscall page.
|
||||
|
||||
Check the return value and free the vma incase of failure.
|
||||
|
||||
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
|
||||
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
||||
---
|
||||
|
||||
--- a/arch/x86_64/ia32/syscall32.c
|
||||
+++ b/arch/x86_64/ia32/syscall32.c
|
||||
@@ -57,6 +57,7 @@ int syscall32_setup_pages(struct linux_b
|
||||
int npages = (VSYSCALL32_END - VSYSCALL32_BASE) >> PAGE_SHIFT;
|
||||
struct vm_area_struct *vma;
|
||||
struct mm_struct *mm = current->mm;
|
||||
+ int ret;
|
||||
|
||||
vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
|
||||
if (!vma)
|
||||
@@ -78,7 +79,11 @@ int syscall32_setup_pages(struct linux_b
|
||||
vma->vm_mm = mm;
|
||||
|
||||
down_write(&mm->mmap_sem);
|
||||
- insert_vm_struct(mm, vma);
|
||||
+ if ((ret = insert_vm_struct(mm, vma))) {
|
||||
+ up_write(&mm->mmap_sem);
|
||||
+ kmem_cache_free(vm_area_cachep, vma);
|
||||
+ return ret;
|
||||
+ }
|
||||
mm->total_vm += npages;
|
||||
up_write(&mm->mmap_sem);
|
||||
return 0;
|
|
@ -1,2 +1 @@
|
|||
+ 2.6.12.6.patch
|
||||
+ amd64-insert_vm_struct-leak.patch
|
||||
|
|
Loading…
Reference in New Issue