rpms/kernel/devel linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch, NONE, 1.1 TODO, 1.12, 1.13 kernel.spec, 1.1037, 1.1038
Chuck Ebbert
cebbert at fedoraproject.org
Fri Oct 10 01:06:12 UTC 2008
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13406
Modified Files:
TODO kernel.spec
Added Files:
linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
Log Message:
Fix possible oops in get_wchan()
linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch:
--- NEW FILE linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch ---
From: David Rientjes <rientjes at google.com>
Date: Tue, 7 Oct 2008 21:15:11 +0000 (-0700)
Subject: x86: avoid dereferencing beyond stack + THREAD_SIZE
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fx86%2Flinux-2.6-tip.git;a=commitdiff_plain;h=60e6258cd43f9b06884f04f0f7cefb9c40f17a32
x86: avoid dereferencing beyond stack + THREAD_SIZE
It's possible for get_wchan() to dereference past task->stack + THREAD_SIZE
while iterating through instruction pointers if fp equals the upper boundary,
causing a kernel panic.
Signed-off-by: David Rientjes <rientjes at google.com>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
---
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index e12e0e4..5a7c539 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -729,12 +729,12 @@ unsigned long get_wchan(struct task_struct *p)
if (!p || p == current || p->state==TASK_RUNNING)
return 0;
stack = (unsigned long)task_stack_page(p);
- if (p->thread.sp < stack || p->thread.sp > stack+THREAD_SIZE)
+ if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE)
return 0;
fp = *(u64 *)(p->thread.sp);
do {
if (fp < (unsigned long)stack ||
- fp > (unsigned long)stack+THREAD_SIZE)
+ fp >= (unsigned long)stack+THREAD_SIZE)
return 0;
ip = *(u64 *)(fp+8);
if (!in_sched_functions(ip))
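Review bot: in the loop, the new bound `fp >= (unsigned long)stack+THREAD_SIZE` still lets the following `ip = *(u64 *)(fp+8)` read past the end of the stack. An fp of stack+THREAD_SIZE-8 passes the check, and the 8-byte load then starts exactly at stack+THREAD_SIZE. The bound should account for the offset and width of the access, for example by rejecting fp > stack+THREAD_SIZE-16. The sp check before `fp = *(u64 *)(p->thread.sp)` likewise needs to leave room for a full u64 below the upper boundary.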
Index: TODO
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/TODO,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- TODO 9 Oct 2008 23:38:54 -0000 1.12
+++ TODO 10 Oct 2008 01:05:41 -0000 1.13
@@ -149,3 +149,9 @@
percpu_counter_sum_cleanup.patch
EXT4 bits for 2.6.28
Eric looks after this stuff.
+
+linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
+ from Ingo's x86/urgent tree, should have been in 2.6.27
+
+linux-2.6-x86-improve-up-kernel-when-cpu-hotplug-and-smp.patch
+ scheduled for 2.6.28, should go in 2.6.27-stable after merging
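Review bot: the second added entry, for linux-2.6-x86-improve-up-kernel-when-cpu-hotplug-and-smp.patch, is unrelated to the get_wchan() fix named in the log message. It would be cleaner in its own commit, or at least mentioned in the log. For the first entry, recording the upstream commit id from the patch's X-Git-Url line would make it easier to drop the patch on the next rebase.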
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1037
retrieving revision 1.1038
diff -u -r1.1037 -r1.1038
--- kernel.spec 10 Oct 2008 00:26:03 -0000 1.1037
+++ kernel.spec 10 Oct 2008 01:05:41 -0000 1.1038
@@ -585,6 +585,7 @@
Patch41: linux-2.6-sysrq-c.patch
Patch42: linux-2.6-x86-tune-generic.patch
Patch43: linux-2.6-x86-improve-up-kernel-when-cpu-hotplug-and-smp.patch
+Patch44: linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
Patch140: linux-2.6-ps3-ehci-iso.patch
Patch141: linux-2.6-ps3-storage-alias.patch
@@ -1060,6 +1061,8 @@
ApplyPatch linux-2.6-x86-tune-generic.patch
# detect single CPU present at boot properly
ApplyPatch linux-2.6-x86-improve-up-kernel-when-cpu-hotplug-and-smp.patch
+# don't oops in get_wchan()
+ApplyPatch linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
#
# PowerPC
@@ -1822,6 +1825,9 @@
%kernel_variant_files -k vmlinux %{with_kdump} kdump
%changelog
+* Thu Oct 09 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27-2
+- Fix possible oops in get_wchan()
+
* Thu Oct 09 2008 Dave Jones <davej at redhat.com>
- 2.6.27
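Review bot: the changelog line "Fix possible oops in get_wchan()" does not say that the fix is limited to x86_64, although the patch touches only arch/x86/kernel/process_64.c. Suggest naming the architecture and the patch file in the entry so readers of the RPM changelog can tell which builds are affected.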