diff --git a/cve-2011-2502.patch b/cve-2011-2502.patch deleted file mode 100644 index a681b62..0000000 --- a/cve-2011-2502.patch +++ /dev/null @@ -1,60 +0,0 @@ -commit e75e70e736ea53078eaa9fd36a5f7186e3e2235c -Author: Josh Stone -Date: Fri Jun 24 14:21:26 2011 -0700 - - rhbz716476: Don't allow path-based auth for uprobes - - For users that are only members of stapusr, and not stapdev, we only - allow loading modules that are either signed with a trusted certificate - or located in controlled paths. For the script itself, that path is - /lib/modules/.../systemtap/, and for uprobes it is the runtime. When - this policy was first written, uprobes only ever came from the runtime - path, so the path check just returned 1 always. - - Later, commit 474d17ad added an optional argument to staprun -u, to - allow the user to specify their own signed copy of uprobes to load. - Unfortunately, if presented with an unsigned module, that would still - fall back to the path check, which blissfully approved it anyway. - - Our policy is now that stapusr can only load a signed uprobes.ko, so the - path check for uprobes now unconditionally returns 0. - -diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c -index 74eef9c..82754d4 100644 ---- a/runtime/staprun/staprun_funcs.c -+++ b/runtime/staprun/staprun_funcs.c -@@ -387,8 +387,10 @@ check_stap_module_path(const char *module_path, int module_fd) - } - - /* -- * Members of the 'stapusr' group can load the uprobes module freely, -- * since it is loaded from a fixed path in the installed runtime. -+ * Don't allow path-based authorization for the uprobes module at all. -+ * Members of the 'stapusr' group can load a signed uprobes module, but -+ * nothing else. Later we could consider allowing specific paths, like -+ * the installed runtime or /lib/modules/... - * - * Returns: -1 on errors, 0 on failure, 1 on success. - */ -@@ -398,7 +400,7 @@ check_uprobes_module_path ( - int module_fd __attribute__ ((unused)) - ) - { -- return 1; -+ return 0; - } - - /* -@@ -596,10 +598,8 @@ void assert_uprobes_module_permissions( - if (check_signature_rc == MODULE_ALTERED) - exit(-1); - #else -- /* If we don't have NSS, then the uprobes module is considered trusted. -- Otherwise a member of the group 'stapusr' will not be able to load it. -- */ -- check_signature_rc = MODULE_OK; -+ /* If we don't have NSS, the uprobes module is considered untrusted. */ -+ check_signature_rc = MODULE_UNTRUSTED; - #endif - - /* root can still load this module. */ diff --git a/cve-2011-2503.patch b/cve-2011-2503.patch deleted file mode 100644 index 652b61f..0000000 --- a/cve-2011-2503.patch +++ /dev/null @@ -1,88 +0,0 @@ -commit fa6b56faaa56c98203dcc3fbdda5eab3d91ec62d -Author: Josh Stone -Date: Fri Jun 24 15:00:41 2011 -0700 - - rhbz716489: read instead of mmap to load modules - - As staprun is preparing to load a kernel module, we first mmap the whole - module as MAP_PRIVATE. Then we proceed with our security checks, - including a trusted-signature validation on the mapped region, and if - all checks out, we'll call init_module() with that same mapped region. - - However, MMAP(2) says of MAP_PRIVATE, "It is unspecified whether changes - made to the file after the mmap() call are visible in the mapped - region." From my testing, it appears that file changes do indeed show - up in our mapped memory. This means we have a TOCTOU race between - verifying the signature of that memory and then calling init_module(). - - By using read() instead of mmap(), we ensure that we have a fully - private copy of the module to verify and load, without fear of change. - -diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c -index 74eef9c..e0a5a46 100644 ---- a/runtime/staprun/staprun_funcs.c -+++ b/runtime/staprun/staprun_funcs.c -@@ -49,7 +49,7 @@ int insert_module( - assert_permissions_func assert_permissions - ) { - int i; -- long ret; -+ long ret, module_read; - void *module_file; - char *opts; - int saved_errno; -@@ -109,17 +109,39 @@ int insert_module( - return -1; - } - -- /* mmap in the entire module. Work with the memory mapped data from this -- point on to avoid a TOCTOU race between path and signature checking -- below and module loading. */ -- module_file = mmap(NULL, sbuf.st_size, PROT_READ, MAP_PRIVATE, module_fd, 0); -- if (module_file == MAP_FAILED) { -- _perr("Error mapping '%s'", module_realpath); -+ /* Allocate memory for the entire module. */ -+ module_file = calloc(1, sbuf.st_size); -+ if (module_file == NULL) { -+ _perr("Error allocating memory to read '%s'", module_realpath); - close(module_fd); - free(opts); - return -1; - } - -+ /* read in the entire module. Work with this copy of the data from this -+ point on to avoid a TOCTOU race between path and signature checking -+ below and module loading. */ -+ module_read = 0; -+ while (module_read < sbuf.st_size) { -+ ret = read(module_fd, module_file + module_read, -+ sbuf.st_size - module_read); -+ if (ret > 0) -+ module_read += ret; -+ else if (ret == 0) { -+ _err("Unexpected EOF reading '%s'", module_realpath); -+ free(module_file); -+ close(module_fd); -+ free(opts); -+ return -1; -+ } else if (errno != EINTR) { -+ _perr("Error reading '%s'", module_realpath); -+ free(module_file); -+ close(module_fd); -+ free(opts); -+ return -1; -+ } -+ } -+ - /* Check whether this module can be loaded by the current user. - * check_permissions will exit(-1) if permissions are insufficient*/ - assert_permissions (module_realpath, module_fd, module_file, sbuf.st_size); -@@ -131,7 +153,7 @@ int insert_module( - - /* Cleanup. */ - free(opts); -- munmap(module_file, sbuf.st_size); -+ free(module_file); - close(module_fd); - - if (ret != 0) { diff --git a/swbz12899.patch b/swbz12899.patch deleted file mode 100644 index fb6e1a5..0000000 --- a/swbz12899.patch +++ /dev/null @@ -1,178 +0,0 @@ -commit b571f9347c4a54facadb5e948e1430bd2b89158a -Author: Stan Cox -Date: Fri Jun 10 09:42:43 2011 -0400 - - Don't process the dtrace -o FILENAME. - - dtrace.in (main): Use suffix for both -h and -G. Check gcc return code. - dtrace.exp: Massage results accordingly. - -commit f6b267eb5f999ce380f1169ba4aa81945b8b8fd2 -Author: Stan Cox -Date: Tue Jun 14 16:16:59 2011 -0400 - - Improve dtrace handling of CC environment variable. - - * dtrace.in (main): Split CC to allow for application Makefile abuse. - -commit 4c353c3a6d5a7b75c3e897f1605ae6a98b0b1951 -Author: Stan Cox -Date: Tue Jun 14 17:36:23 2011 -0400 - - Split command line pieces with shlex - - dtrace.in (main): Use shlex.split for CPP, CC, and CFLAGS - -commit 12aad6f0ee85529fa29d6b0790f7afc6f075a808 -Author: Stan Cox -Date: Wed Jun 15 15:52:38 2011 -0400 - - Do status setting and exit at the top level. - - * dtrace.in (main): Use return instead of sys.exit; move sys.exit to top. - -diff --git a/dtrace.in b/dtrace.in -index a64d110..c1ea1fe 100755 ---- a/dtrace.in -+++ b/dtrace.in -@@ -17,6 +17,7 @@ import os - import posix - import string - import sys -+import shlex - from subprocess import call - from tempfile import mkstemp - -@@ -179,7 +180,7 @@ def help (): - def main(): - if (len(sys.argv) < 2): - usage() -- sys.exit(1) -+ return 1 - - i = 1 - build_header = False -@@ -187,7 +188,7 @@ def main(): - add_typedefs = False - keep_temps = False - use_cpp = False -- h_ext = '.h' -+ suffix = "" - filename = "" - s_filename = "" - includes = [] -@@ -205,10 +206,12 @@ def main(): - defines.append(sys.argv[i]) - elif (sys.argv[i] == "-h"): - build_header = True -+ suffix = ".h" - elif (sys.argv[i].startswith("-I")): - includes.append(sys.argv[i]) - elif (sys.argv[i] == "-G"): - build_source = True -+ suffix = ".o" - elif (sys.argv[i] == "-k"): - keep_temps = True - elif (sys.argv[i] == "--types"): -@@ -218,17 +221,16 @@ def main(): - i += 1 - if (build_header == False and build_source == False): - usage() -- sys.exit(1) -+ return 1 - - if (s_filename != "" and use_cpp): - (d,fn) = mkstemp(suffix=".d") - CPP = os.environ.get("CPP", "cpp") -- args = [CPP] + includes + defines + [s_filename, fn] -- retcode = call(args) -+ retcode = call(shlex.split(CPP) + includes + defines + [s_filename, fn]) - if (retcode != 0): - print "\"cpp includes s_filename\" failed" - usage() -- sys.exit(1) -+ return 1 - s_filename = fn - if (filename == ""): - if (s_filename != ""): -@@ -236,15 +238,12 @@ def main(): - filename = os.path.basename(filename) - else: - usage() -- sys.exit(1) -+ return 1 - else: -- if (build_header): -- h_ext = "" -- else: -- (filename,ext) = os.path.splitext(filename) -+ suffix = "" - if (build_header): - providers = _provider() -- providers.generate(s_filename, filename + h_ext, add_typedefs) -+ providers.generate(s_filename, filename + suffix, add_typedefs) - elif (build_source): - (basename,ext) = os.path.splitext(s_filename) - -@@ -265,9 +264,13 @@ def main(): - f.close() - CC = os.environ.get("CC", "gcc") - CFLAGS = "-g " + os.environ.get("CFLAGS", "") -- call([CC, "-fPIC"] + defines + includes + CFLAGS.split() + -- ["-I.", "-I@prefix@/include", "-c", fn, "-o", -- filename + ".o"], shell=False) -+ retcode = call(shlex.split(CC) + defines + includes + shlex.split(CFLAGS) + -+ ["-fPIC", "-I.", "-I@prefix@/include", "-c", fn, "-o", -+ filename + suffix], shell=False) -+ if (retcode != 0): -+ print "\"gcc " + fn + "\" failed" -+ usage() -+ return 1 - if (not keep_temps): - os.remove(fn) - else: -@@ -277,6 +280,7 @@ def main(): - os.remove(s_filename) - else: - print "cpp: " + s_filename -+ return 0 - - if __name__ == "__main__": -- main() -+ sys.exit(main()) -diff --git a/testsuite/systemtap.base/dtrace.exp b/testsuite/systemtap.base/dtrace.exp -index b301793..cd97c79 100644 ---- a/testsuite/systemtap.base/dtrace.exp -+++ b/testsuite/systemtap.base/dtrace.exp -@@ -60,12 +60,12 @@ exec rm -f XXX.o - - verbose -log "$dtrace -G -s $dpath -o XXX" - catch {exec $dtrace -G -s $dpath -o XXX} --if {[file exists XXX.o]} then { -+if {[file exists XXX]} then { - pass "dtrace -G -o XXX" - } else { - fail "dtrace -G -o XXX" - } --exec rm -f XXX.o -+exec rm -f XXX - - verbose -log "$dtrace -h -s $dpath -o XXX.h" - catch {exec $dtrace -h -s $dpath -o XXX.h} -@@ -96,12 +96,12 @@ exec rm -f /tmp/XXX.o - - verbose -log "$dtrace -G -s $dpath -o /tmp/XXX" - catch {exec $dtrace -G -s $dpath -o /tmp/XXX} --if {[file exists /tmp/XXX.o]} then { -- pass "dtrace -G -o /tmp/XXX.o" -+if {[file exists /tmp/XXX]} then { -+ pass "dtrace -G -o /tmp/XXX" - } else { -- fail "dtrace -G -o /tmp/XXX.o" -+ fail "dtrace -G -o /tmp/XXX" - } --exec rm -f /tmp/XXX.o -+exec rm -f /tmp/XXX - - verbose -log "$dtrace -h -s $dpath -o /tmp/XXX.h" - catch {exec $dtrace -h -s $dpath -o /tmp/XXX.h} diff --git a/swbz12927.patch b/swbz12927.patch deleted file mode 100644 index 9e6721b..0000000 --- a/swbz12927.patch +++ /dev/null @@ -1,72 +0,0 @@ -commit 0bbb80098decc9c4c43a1800538007d86b600bba -Author: Josh Stone -Date: Tue Jun 7 11:23:13 2011 -0700 - - stapconf: Conditionalize stacktrace_ops.warning{,_symbol} - - Kernel commit 449a66f removed these fields. - - * buildrun.cxx: Include the new test. - * runtime/autoconf-stacktrace_ops-warning.c: Check the warning field. - * runtime/stack.c: Conditionalize the warning initialization. - -diff --git a/buildrun.cxx b/buildrun.cxx -index 0bebc35..79f8818 100644 ---- a/buildrun.cxx -+++ b/buildrun.cxx -@@ -215,6 +215,8 @@ compile_pass (systemtap_session& s) - output_autoconf(s, o, "autoconf-ring_buffer-flags.c", "STAPCONF_RING_BUFFER_FLAGS", NULL); - output_autoconf(s, o, "autoconf-kallsyms-on-each-symbol.c", "STAPCONF_KALLSYMS_ON_EACH_SYMBOL", NULL); - output_autoconf(s, o, "autoconf-walk-stack.c", "STAPCONF_WALK_STACK", NULL); -+ output_autoconf(s, o, "autoconf-stacktrace_ops-warning.c", -+ "STAPCONF_STACKTRACE_OPS_WARNING", NULL); - output_autoconf(s, o, "autoconf-mm-context-vdso.c", "STAPCONF_MM_CONTEXT_VDSO", NULL); - output_autoconf(s, o, "autoconf-blk-types.c", "STAPCONF_BLK_TYPES", NULL); - output_autoconf(s, o, "autoconf-perf-structpid.c", "STAPCONF_PERF_STRUCTPID", NULL); -diff --git a/runtime/autoconf-stacktrace_ops-warning.c b/runtime/autoconf-stacktrace_ops-warning.c -new file mode 100644 -index 0000000..9c00f05 ---- /dev/null -+++ b/runtime/autoconf-stacktrace_ops-warning.c -@@ -0,0 +1,10 @@ -+/* Some kernels have warning fields in stacktrace_ops. */ -+#include -+#include -+ -+void foo (void) -+{ -+ struct stacktrace_ops t; -+ t.warning = 0; -+ (void) t; -+} -diff --git a/runtime/stack.c b/runtime/stack.c -index 68a7e4f..b2d5d1d 100644 ---- a/runtime/stack.c -+++ b/runtime/stack.c -@@ -73,6 +73,7 @@ struct print_stack_data - int level; - }; - -+#if defined(STAPCONF_STACKTRACE_OPS_WARNING) - static void print_stack_warning(void *data, char *msg) - { - } -@@ -81,6 +82,7 @@ static void - print_stack_warning_symbol(void *data, char *msg, unsigned long symbol) - { - } -+#endif - - static int print_stack_stack(void *data, char *name) - { -@@ -95,8 +97,10 @@ static void print_stack_address(void *data, unsigned long addr, int reliable) - } - - static const struct stacktrace_ops print_stack_ops = { -+#if defined(STAPCONF_STACKTRACE_OPS_WARNING) - .warning = print_stack_warning, - .warning_symbol = print_stack_warning_symbol, -+#endif - .stack = print_stack_stack, - .address = print_stack_address, - #if defined(STAPCONF_WALK_STACK) diff --git a/systemtap-sdt.patch b/systemtap-sdt.patch deleted file mode 100644 index f933c85..0000000 --- a/systemtap-sdt.patch +++ /dev/null @@ -1,30 +0,0 @@ -From c02332052959e4213a59ce0ff40354f51506103a Mon Sep 17 00:00:00 2001 -From: Mark Wielaard -Date: Wed, 6 Jul 2011 23:07:51 +0200 -Subject: [PATCH] Silence sys/sdt.h comparison of unsigned expression < 0 is always false. - -Some arm g++ setups would complain about the wchar_t "signedness detection": -sys/sdt.h:102: error: comparison of unsigned expression < 0 is always false - -jistone said: "((T)(-1) < 1)" would still get the right boolean value, -and shouldn't trigger range errors like "unsigned is never < 0". ---- - includes/sys/sdt.h | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/includes/sys/sdt.h b/includes/sys/sdt.h -index f7e1360..0a9fd40 100644 ---- a/includes/sys/sdt.h -+++ b/includes/sys/sdt.h -@@ -77,7 +77,7 @@ struct __sdt_type - #define __SDT_ALWAYS_SIGNED(T) \ - template<> struct __sdt_type { static const bool __sdt_signed = true; }; - #define __SDT_COND_SIGNED(T) \ --template<> struct __sdt_type { static const bool __sdt_signed = ((T)(-1) < 0); }; -+template<> struct __sdt_type { static const bool __sdt_signed = ((T)(-1) < 1); }; - __SDT_ALWAYS_SIGNED(signed char) - __SDT_ALWAYS_SIGNED(short) - __SDT_ALWAYS_SIGNED(int) --- -1.7.3.4 -