rpms/kernel/F-9 linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch, NONE, 1.1 kernel.spec, 1.788, 1.789

Chuck Ebbert cebbert at fedoraproject.org
Fri Oct 10 08:43:57 UTC 2008


Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28564

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch 
Log Message:
Fix possible oops in get_wchan()

linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch:

--- NEW FILE linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch ---
From: David Rientjes <rientjes at google.com>
Date: Tue, 7 Oct 2008 21:15:11 +0000 (-0700)
Subject: x86: avoid dereferencing beyond stack + THREAD_SIZE
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fx86%2Flinux-2.6-tip.git;a=commitdiff_plain;h=60e6258cd43f9b06884f04f0f7cefb9c40f17a32

x86: avoid dereferencing beyond stack + THREAD_SIZE

It's possible for get_wchan() to dereference past task->stack + THREAD_SIZE
while iterating through instruction pointers if fp equals the upper boundary,
causing a kernel panic.

Signed-off-by: David Rientjes <rientjes at google.com>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
---

diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index e12e0e4..5a7c539 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -729,12 +729,12 @@ unsigned long get_wchan(struct task_struct *p)
 	if (!p || p == current || p->state==TASK_RUNNING)
 		return 0; 
 	stack = (unsigned long)task_stack_page(p);
-	if (p->thread.sp < stack || p->thread.sp > stack+THREAD_SIZE)
+	if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE)
 		return 0;
 	fp = *(u64 *)(p->thread.sp);
 	do { 
 		if (fp < (unsigned long)stack ||
-		    fp > (unsigned long)stack+THREAD_SIZE)
+		    fp >= (unsigned long)stack+THREAD_SIZE)
 			return 0; 
 		ip = *(u64 *)(fp+8);
 		if (!in_sched_functions(ip))
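
Review bot: the tightened upper bound in both checks still lets through addresses whose 8-byte read runs past the end of the stack. With `fp >= (unsigned long)stack+THREAD_SIZE` as the limit, an fp of stack+THREAD_SIZE-8 passes and `ip = *(u64 *)(fp+8)` then reads at exactly stack+THREAD_SIZE. In the same way, a p->thread.sp in the last 7 bytes of the stack passes the first check and `fp = *(u64 *)(p->thread.sp)` straddles the boundary. Consider bounding by the size of the access instead: reject sp above stack+THREAD_SIZE-sizeof(u64) and fp above stack+THREAD_SIZE-2*sizeof(u64). The `(unsigned long)` casts on `stack` in the loop are also redundant, since `stack` is already assigned from an `(unsigned long)` cast a few lines up.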


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-9/kernel.spec,v
retrieving revision 1.788
retrieving revision 1.789
diff -u -r1.788 -r1.789
--- kernel.spec	9 Oct 2008 16:47:10 -0000	1.788
+++ kernel.spec	10 Oct 2008 08:43:26 -0000	1.789
@@ -608,6 +608,7 @@
 Patch100: linux-2.6-x86-pci-detect-end_bus_number.patch
 Patch101: linux-2.6-x86-check-for-null-irq-context.patch
 Patch102: linux-2.6-x86-improve-up-kernel-when-cpu-hotplug-and-smp.patch
+Patch103: linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
 
 Patch120: linux-2.6-pci-disable-aspm-per-acpi-fadt-setting.patch
 Patch121: linux-2.6-pci-disable-aspm-on-pre-1.1-devices.patch
@@ -1085,6 +1086,8 @@
 ApplyPatch linux-2.6-x86-check-for-null-irq-context.patch
 # add config option to disable adding CPUs after boot
 ApplyPatch linux-2.6-x86-improve-up-kernel-when-cpu-hotplug-and-smp.patch
+# fix oops in get_wchan()
+ApplyPatch linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
 
 # disable ASPM on devices that don't support it
 ApplyPatch linux-2.6-pci-disable-aspm-per-acpi-fadt-setting.patch
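
Review bot: the comment `# fix oops in get_wchan()` on the new ApplyPatch line does not say that the patch only touches arch/x86/kernel/process_64.c. Suggest wording it as an x86_64 fix so a later reader of the spec does not assume the 32-bit get_wchan() is covered, and confirm separately whether the 32-bit code needs the same bound.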
@@ -1896,6 +1899,9 @@
 %kernel_variant_files -a /%{image_install_path}/xen*-%{KVERREL}.xen -e /etc/ld.so.conf.d/kernelcap-%{KVERREL}.xen.conf %{with_xen} xen
 
 %changelog
+* Fri Oct 10 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-62
+- Fix possible oops in get_wchan()
+
 * Thu Oct 09 2008 Kyle McMartin <kyle at redhat.com> 2.6.26.6-61
 - add e1000e: write protect nvram to prevent corruption patch from upstream
 



