diff --git a/debian/changelog b/debian/changelog index bb84a8045..ee4bb0bb5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,7 @@ linux-2.6 (2.6.32-8) UNRELEASED; urgency=low [ dann frazier ] * KVM: PIT: control word is write-only (CVE-2010-0309) + * Fix potential crash with sys_move_pages (CVE-2010-0415) [ Ben Hutchings ] * Build lgs8gxx driver along with cxusb (Closes: #568414) diff --git a/debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch b/debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch new file mode 100644 index 000000000..333695445 --- /dev/null +++ b/debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch @@ -0,0 +1,31 @@ +commit 6f5a55f1a6c5abee15a0e878e5c74d9f1569b8b0 +Author: Linus Torvalds +Date: Fri Feb 5 16:16:50 2010 -0800 + + Fix potential crash with sys_move_pages + + We incorrectly depended on the 'node_state/node_isset()' functions + testing the node range, rather than checking it explicitly. That's not + reliable, even if it might often happen to work. So do the proper + explicit test. + + Reported-by: Marcus Meissner + Acked-and-tested-by: Brice Goglin + Acked-by: Hugh Dickins + Cc: stable@kernel.org + Signed-off-by: Linus Torvalds + +diff --git a/mm/migrate.c b/mm/migrate.c +index efddbf0..9a0db5b 100644 +--- a/mm/migrate.c ++++ b/mm/migrate.c +@@ -912,6 +912,9 @@ static int do_pages_move(struct mm_struct *mm, struct task_struct *task, + goto out_pm; + + err = -ENODEV; ++ if (node < 0 || node >= MAX_NUMNODES) ++ goto out_pm; ++ + if (!node_state(node, N_HIGH_MEMORY)) + goto out_pm; + diff --git a/debian/patches/series/8 b/debian/patches/series/8 index 9ecc248e7..ec0f32671 100644 --- a/debian/patches/series/8 +++ b/debian/patches/series/8 @@ -8,3 +8,4 @@ - bugfix/all/e1000e-enhance-fragment-detection.patch - bugfix/all/e1000-enhance-fragment-detection.patch + bugfix/all/stable/2.6.32.8.patch ++ bugfix/all/fix-potential-crash-with-sys_move_pages.patch