diff options
| author | dann frazier <dannf@debian.org> | 2010-02-10 06:23:35 +0000 |
|---|---|---|
| committer | dann frazier <dannf@debian.org> | 2010-02-10 06:23:35 +0000 |
| commit | fa9f65f4b9cc087c522f30a01edf44bcb34df136 (patch) | |
| tree | c0cf9ad6a889c852500695d07bace00131d3c5a2 | |
| parent | 4ae828b4e72ac0f66477148665b22da02996b05f (diff) | |
| download | kernel_replicant_linux-fa9f65f4b9cc087c522f30a01edf44bcb34df136.tar.gz kernel_replicant_linux-fa9f65f4b9cc087c522f30a01edf44bcb34df136.tar.bz2 kernel_replicant_linux-fa9f65f4b9cc087c522f30a01edf44bcb34df136.zip | |
Fix potential crash with sys_move_pages (CVE-2010-0415)
svn path=/dists/trunk/linux-2.6/; revision=15138
| -rw-r--r-- | debian/changelog | 1 | ||||
| -rw-r--r-- | debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch | 31 | ||||
| -rw-r--r-- | debian/patches/series/8 | 1 |
3 files changed, 33 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index bb84a8045256..ee4bb0bb52a4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,7 @@ linux-2.6 (2.6.32-8) UNRELEASED; urgency=low [ dann frazier ] * KVM: PIT: control word is write-only (CVE-2010-0309) + * Fix potential crash with sys_move_pages (CVE-2010-0415) [ Ben Hutchings ] * Build lgs8gxx driver along with cxusb (Closes: #568414) diff --git a/debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch b/debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch new file mode 100644 index 000000000000..333695445445 --- /dev/null +++ b/debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch @@ -0,0 +1,31 @@ +commit 6f5a55f1a6c5abee15a0e878e5c74d9f1569b8b0 +Author: Linus Torvalds <torvalds@linux-foundation.org> +Date: Fri Feb 5 16:16:50 2010 -0800 + + Fix potential crash with sys_move_pages + + We incorrectly depended on the 'node_state/node_isset()' functions + testing the node range, rather than checking it explicitly. That's not + reliable, even if it might often happen to work. So do the proper + explicit test. + + Reported-by: Marcus Meissner <meissner@suse.de> + Acked-and-tested-by: Brice Goglin <Brice.Goglin@inria.fr> + Acked-by: Hugh Dickins <hugh.dickins@tiscali.co.uk> + Cc: stable@kernel.org + Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> + +diff --git a/mm/migrate.c b/mm/migrate.c +index efddbf0..9a0db5b 100644 +--- a/mm/migrate.c ++++ b/mm/migrate.c +@@ -912,6 +912,9 @@ static int do_pages_move(struct mm_struct *mm, struct task_struct *task, + goto out_pm; + + err = -ENODEV; ++ if (node < 0 || node >= MAX_NUMNODES) ++ goto out_pm; ++ + if (!node_state(node, N_HIGH_MEMORY)) + goto out_pm; + diff --git a/debian/patches/series/8 b/debian/patches/series/8 index 9ecc248e73f9..ec0f32671539 100644 --- a/debian/patches/series/8 +++ b/debian/patches/series/8 @@ -8,3 +8,4 @@ - bugfix/all/e1000e-enhance-fragment-detection.patch - bugfix/all/e1000-enhance-fragment-detection.patch + bugfix/all/stable/2.6.32.8.patch ++ bugfix/all/fix-potential-crash-with-sys_move_pages.patch |