add 2.6.16.5
svn path=/dists/sid/linux-2.6/; revision=6406
This commit is contained in:
maximilian attems
parent
99eb9931e9
commit
ad4507cd9c
|
|
@ -12,7 +12,12 @@ linux-2.6 (2.6.16-7) UNRELEASED; urgency=low
|
|||
* [powerpc] Transitioned mkvmlinuz support patch to the 2.6.16 ARCH=powerpc
|
||||
tree. PReP is broken in 2.6.16 though.
|
||||
|
||||
-- Sven Luther <luther@debian.org> Wed, 12 Apr 2006 19:46:30 +0000
|
||||
[ maximilian attems ]
|
||||
* Add stable release 2.6.16.5:
|
||||
- x86_64: Clean up execve
|
||||
- x86_64: When user could have changed RIP always force IRET (CVE-2006-0744)
|
||||
|
||||
-- maximilian attems <maks@sternwelten.at> Thu, 13 Apr 2006 11:05:24 +0200
|
||||
|
||||
linux-2.6 (2.6.16-6) unstable; urgency=medium
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,63 @@
|
|||
diff --git a/arch/x86_64/kernel/entry.S b/arch/x86_64/kernel/entry.S
|
||||
index 7c10e90..ab6e44d 100644
|
||||
--- a/arch/x86_64/kernel/entry.S
|
||||
+++ b/arch/x86_64/kernel/entry.S
|
||||
@@ -180,6 +180,10 @@ rff_trace:
|
||||
*
|
||||
* XXX if we had a free scratch register we could save the RSP into the stack frame
|
||||
* and report it properly in ps. Unfortunately we haven't.
|
||||
+ *
|
||||
+ * When user can change the frames always force IRET. That is because
|
||||
+ * it deals with uncanonical addresses better. SYSRET has trouble
|
||||
+ * with them due to bugs in both AMD and Intel CPUs.
|
||||
*/
|
||||
|
||||
ENTRY(system_call)
|
||||
@@ -254,7 +258,10 @@ sysret_signal:
|
||||
xorl %esi,%esi # oldset -> arg2
|
||||
call ptregscall_common
|
||||
1: movl $_TIF_NEED_RESCHED,%edi
|
||||
- jmp sysret_check
|
||||
+ /* Use IRET because user could have changed frame. This
|
||||
+ works because ptregscall_common has called FIXUP_TOP_OF_STACK. */
|
||||
+ cli
|
||||
+ jmp int_with_check
|
||||
|
||||
badsys:
|
||||
movq $-ENOSYS,RAX-ARGOFFSET(%rsp)
|
||||
@@ -280,7 +287,8 @@ tracesys:
|
||||
call syscall_trace_leave
|
||||
RESTORE_TOP_OF_STACK %rbx
|
||||
RESTORE_REST
|
||||
- jmp ret_from_sys_call
|
||||
+ /* Use IRET because user could have changed frame */
|
||||
+ jmp int_ret_from_sys_call
|
||||
CFI_ENDPROC
|
||||
|
||||
/*
|
||||
@@ -408,25 +416,9 @@ ENTRY(stub_execve)
|
||||
CFI_ADJUST_CFA_OFFSET -8
|
||||
CFI_REGISTER rip, r11
|
||||
SAVE_REST
|
||||
- movq %r11, %r15
|
||||
- CFI_REGISTER rip, r15
|
||||
FIXUP_TOP_OF_STACK %r11
|
||||
call sys_execve
|
||||
- GET_THREAD_INFO(%rcx)
|
||||
- bt $TIF_IA32,threadinfo_flags(%rcx)
|
||||
- CFI_REMEMBER_STATE
|
||||
- jc exec_32bit
|
||||
RESTORE_TOP_OF_STACK %r11
|
||||
- movq %r15, %r11
|
||||
- CFI_REGISTER rip, r11
|
||||
- RESTORE_REST
|
||||
- pushq %r11
|
||||
- CFI_ADJUST_CFA_OFFSET 8
|
||||
- CFI_REL_OFFSET rip, 0
|
||||
- ret
|
||||
-
|
||||
-exec_32bit:
|
||||
- CFI_RESTORE_STATE
|
||||
movq %rax,RAX(%rsp)
|
||||
RESTORE_REST
|
||||
jmp int_ret_from_sys_call
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
+ 2.6.16.3
|
||||
+ 2.6.16.4
|
||||
+ powerpc-mkvmlinuz-support-2.patch
|
||||
|
||||
+ 2.6.16.5
|
||||
|
|
|
|||
Loading…
Reference in New Issue