add 2.6.12.1 security patches.

will be fun for 2.6.8. svn path=/branches/linux-kernel-2.6.12/; revision=3387
2005-06-22 23:11:54 +00:00 · 2005-06-22 23:11:54 +00:00 · 5c767af0f5
parent 099b34a1a7
commit 5c767af0f5
3 changed files with 97 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -2,5 +2,8 @@ linux-kernel-2.6.12 (2.6.12-1) UNRELEASED; urgency=low

  * New upstream release.
  * Premiere of the common-source kernel package.
+  * Add 2.6.12.1
+    - Clean up subthread exec (CAN-2005-1913)
+    - ia64 ptrace + sigrestore_context (CAN-2005-1761)

 -- Frederik Schüler <f.schueler@gmx.net>  Wed, 18 May 2005 12:44:53 +0200
--- a/debian/patches-debian/patch-2.6.12.1
+++ b/debian/patches-debian/patch-2.6.12.1
@ -0,0 +1,93 @@
+diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c
+--- a/arch/ia64/kernel/ptrace.c
+++ b/arch/ia64/kernel/ptrace.c
+@@ -945,6 +945,13 @@ access_uarea (struct task_struct *child,
+ 				*data = (pt->cr_ipsr & IPSR_MASK);
+ 			return 0;
+ 
+		      case PT_AR_RSC:
+			if (write_access)
+				pt->ar_rsc = *data | (3 << 2); /* force PL3 */
+			else
+				*data = pt->ar_rsc;
+			return 0;
+
+ 		      case PT_AR_RNAT:
+ 			urbs_end = ia64_get_user_rbs_end(child, pt, NULL);
+ 			rnat_addr = (long) ia64_rse_rnat_addr((long *)
+@@ -996,9 +1003,6 @@ access_uarea (struct task_struct *child,
+ 		      case PT_AR_BSPSTORE:
+ 			ptr = pt_reg_addr(pt, ar_bspstore);
+ 			break;
+-		      case PT_AR_RSC:
+-			ptr = pt_reg_addr(pt, ar_rsc);
+-			break;
+ 		      case PT_AR_UNAT:
+ 			ptr = pt_reg_addr(pt, ar_unat);
+ 			break;
+@@ -1234,7 +1238,7 @@ ptrace_getregs (struct task_struct *chil
+ static long
+ ptrace_setregs (struct task_struct *child, struct pt_all_user_regs __user *ppr)
+ {
+-	unsigned long psr, ec, lc, rnat, bsp, cfm, nat_bits, val = 0;
+	unsigned long psr, rsc, ec, lc, rnat, bsp, cfm, nat_bits, val = 0;
+ 	struct unw_frame_info info;
+ 	struct switch_stack *sw;
+ 	struct ia64_fpreg fpval;
+@@ -1267,7 +1271,7 @@ ptrace_setregs (struct task_struct *chil
+ 	/* app regs */
+ 
+ 	retval |= __get_user(pt->ar_pfs, &ppr->ar[PT_AUR_PFS]);
+-	retval |= __get_user(pt->ar_rsc, &ppr->ar[PT_AUR_RSC]);
+	retval |= __get_user(rsc, &ppr->ar[PT_AUR_RSC]);
+ 	retval |= __get_user(pt->ar_bspstore, &ppr->ar[PT_AUR_BSPSTORE]);
+ 	retval |= __get_user(pt->ar_unat, &ppr->ar[PT_AUR_UNAT]);
+ 	retval |= __get_user(pt->ar_ccv, &ppr->ar[PT_AUR_CCV]);
+@@ -1365,6 +1369,7 @@ ptrace_setregs (struct task_struct *chil
+ 	retval |= __get_user(nat_bits, &ppr->nat);
+ 
+ 	retval |= access_uarea(child, PT_CR_IPSR, &psr, 1);
+	retval |= access_uarea(child, PT_AR_RSC, &rsc, 1);
+ 	retval |= access_uarea(child, PT_AR_EC, &ec, 1);
+ 	retval |= access_uarea(child, PT_AR_LC, &lc, 1);
+ 	retval |= access_uarea(child, PT_AR_RNAT, &rnat, 1);
+diff --git a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c
+--- a/arch/ia64/kernel/signal.c
+++ b/arch/ia64/kernel/signal.c
+@@ -94,7 +94,7 @@ sys_sigaltstack (const stack_t __user *u
+ static long
+ restore_sigcontext (struct sigcontext __user *sc, struct sigscratch *scr)
+ {
+-	unsigned long ip, flags, nat, um, cfm;
+	unsigned long ip, flags, nat, um, cfm, rsc;
+ 	long err;
+ 
+ 	/* Always make any pending restarted system calls return -EINTR */
+@@ -106,7 +106,7 @@ restore_sigcontext (struct sigcontext __
+ 	err |= __get_user(ip, &sc->sc_ip);			/* instruction pointer */
+ 	err |= __get_user(cfm, &sc->sc_cfm);
+ 	err |= __get_user(um, &sc->sc_um);			/* user mask */
+-	err |= __get_user(scr->pt.ar_rsc, &sc->sc_ar_rsc);
+	err |= __get_user(rsc, &sc->sc_ar_rsc);
+ 	err |= __get_user(scr->pt.ar_unat, &sc->sc_ar_unat);
+ 	err |= __get_user(scr->pt.ar_fpsr, &sc->sc_ar_fpsr);
+ 	err |= __get_user(scr->pt.ar_pfs, &sc->sc_ar_pfs);
+@@ -119,6 +119,7 @@ restore_sigcontext (struct sigcontext __
+ 	err |= __copy_from_user(&scr->pt.r15, &sc->sc_gr[15], 8);	/* r15 */
+ 
+ 	scr->pt.cr_ifs = cfm | (1UL << 63);
+	scr->pt.ar_rsc = rsc | (3 << 2); /* force PL3 */
+ 
+ 	/* establish new instruction pointer: */
+ 	scr->pt.cr_iip = ip & ~0x3UL;
+diff --git a/fs/exec.c b/fs/exec.c
+--- a/fs/exec.c
+++ b/fs/exec.c
+@@ -649,6 +649,7 @@ static inline int de_thread(struct task_
+ 	}
+ 	sig->group_exit_task = NULL;
+ 	sig->notify_count = 0;
+	sig->real_timer.data = (unsigned long)current;
+ 	spin_unlock_irq(lock);
+ 
+ 	/*
--- a/debian/patches-debian/series/2.6.12-1
+++ b/debian/patches-debian/series/2.6.12-1
@ -20,3 +20,4 @@
 + remove-references-to-removed-drivers.patch
 + tty-locking-fixes9.patch
 + ia64-generic-nosmp.patch
+ patch-2.6.12.1