rpms/kernel/F-11 make-sock_sendpage-use-kernel_sendpage.patch, NONE, 1.1.2.1 kernel.spec, 1.1679.2.6, 1.1679.2.7

Sat Aug 15 00:27:04 UTC 2009

Author: kyle

Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31777

Modified Files:
      Tag: private-fedora-11-2_6_29_6
	kernel.spec 
Added Files:
      Tag: private-fedora-11-2_6_29_6
	make-sock_sendpage-use-kernel_sendpage.patch 
Log Message:
* Fri Aug 14 2009 Kyle McMartin <kyle at redhat.com> 2.6.29.6-217.2.7
- CVE-2009-2692: Fix sock sendpage NULL ptr deref.


make-sock_sendpage-use-kernel_sendpage.patch:
 socket.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE make-sock_sendpage-use-kernel_sendpage.patch ---
From: Linus Torvalds <torvalds at linux-foundation.org>
Date: Thu, 13 Aug 2009 15:28:36 +0000 (-0700)
Subject: Make sock_sendpage() use kernel_sendpage()
X-Git-Tag: v2.6.31-rc6~8
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=e694958388c50148389b0e9b9e9e8945cf0f1b98

Make sock_sendpage() use kernel_sendpage()

kernel_sendpage() does the proper default case handling for when the
socket doesn't have a native sendpage implementation.

Now, arguably this might be something that we could instead solve by
just specifying that all protocols should do it themselves at the
protocol level, but we really only care about the common protocols.
Does anybody really care about sendpage on something like Appletalk? Not
likely.

Acked-by: David S. Miller <davem at davemloft.net>
Acked-by: Julien TINNES <julien at cr0.org>
Acked-by: Tavis Ormandy <taviso at sdf.lonestar.org>
Cc: stable at kernel.org
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
---

diff --git a/net/socket.c b/net/socket.c
index 791d71a..6d47165 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -736,7 +736,7 @@ static ssize_t sock_sendpage(struct file *file, struct page *page,
 	if (more)
 		flags |= MSG_MORE;
 
-	return sock->ops->sendpage(sock, page, offset, size, flags);
+	return kernel_sendpage(sock, page, offset, size, flags);
 }
 
 static ssize_t sock_splice_read(struct file *file, loff_t *ppos,


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1679.2.6
retrieving revision 1.1679.2.7
diff -u -p -r1.1679.2.6 -r1.1679.2.7
--- kernel.spec	13 Aug 2009 18:36:36 -0000	1.1679.2.6
+++ kernel.spec	15 Aug 2009 00:27:03 -0000	1.1679.2.7
@@ -609,6 +609,8 @@ Patch30: linux-2.6-iommu-fixes.patch
 
 Patch41: linux-2.6-sysrq-c.patch
 
+Patch50: make-sock_sendpage-use-kernel_sendpage.patch
+
 #Patch101: linux-2.6-e820-save-restore-edi-ebp.patch
 #Patch102: linux-2.6-e820-acpi3-bios-workaround.patch
 #Patch103: linux-2.6-e820-guard-against-pre-acpi3.patch
@@ -1232,6 +1234,7 @@ ApplyPatch linux-2.6-iommu-fixes.patch
 # enable sysrq-c on all kernels, not only kexec
 ApplyPatch linux-2.6-sysrq-c.patch
 
+
 # Architecture patches
 # x86(-64)
 #ApplyPatch linux-2.6-e820-save-restore-edi-ebp.patch
@@ -1540,6 +1543,8 @@ ApplyPatch personality-fix-per_clear_on_
 # don't optimize out null pointer tests
 ApplyPatch add-fno-delete-null-pointer-checks-to-gcc-cflags.patch
 
+ApplyPatch make-sock_sendpage-use-kernel_sendpage.patch
+
 # VIA: add 64-bit padlock support, sdmmc driver, temp sensor driver
 ApplyPatch via-centaur-merge-32-64-bit-init.patch
 ApplyPatch via-padlock-fix-might-sleep.patch
@@ -2137,6 +2142,9 @@ fi
 # and build.
 
 %changelog
+* Fri Aug 14 2009 Kyle McMartin <kyle at redhat.com> 2.6.29.6-217.2.7
+- CVE-2009-2692: Fix sock sendpage NULL ptr deref.
+
 * Thu Aug 13 2009 Kristian Høgsberg <krh at redhat.com> - 2.6.29.6-217.2.6
 - Backport 0e7ddf7e to fix bad BUG_ON() in i915 gem fence management
   code.  Adds drm-i915-gem-bad-bug-on.patch, fixes #514091.


