[kernel-sec-discuss] r3830 - active

Ben Hutchings benh at moszumanska.debian.org
Sun Jun 14 20:47:31 UTC 2015


Author: benh
Date: 2015-06-14 20:47:31 +0000 (Sun, 14 Jun 2015)
New Revision: 3830

Modified:
   active/CVE-2014-8172
Log:
Update dependencies for CVE-2014-8172 and give up on backporting it

I investigated this a bit further and found that the previously
identified dependency wouldn't be needed for 3.2 but other things
would be.  We would then need to fix up aufs as it messes with the
structures that are changed.  So I give up on this for 3.2.


Modified: active/CVE-2014-8172
===================================================================
--- active/CVE-2014-8172	2015-06-14 18:18:24 UTC (rev 3829)
+++ active/CVE-2014-8172	2015-06-14 20:47:31 UTC (rev 3830)
@@ -1,16 +1,16 @@
 Description: soft lockup on aio
 References:
 Notes:
- bwh> This is fixed by replacing locked access to a doubly-linked list
- bwh> with a lockless singly-linked list.  First commit (in 3.11) removed
- bwh> one user; second commit removed the list and related locking
- bwh> altogether.
+ bwh> This is fixed by introducing finer-grained locking and lockless
+ bwh> lists.  The last commit removes the superblock files list and
+ bwh> related locking altogether; the previous two are needed to make
+ bwh> read-only remounting work without that.
 Bugs: 
-upstream: released (3.13) [4f5e65a1cc90bbb15b9f6cdc362922af1bcc155a, eee5cc2702929fd41cce28058dc6d6717f723f87]
+upstream: released (3.13) [39f7c4db1d2d9e2e2a90abdf34811783089d217d, 4ed5e82fe77f4147cf386327c9a63a2dd7eff518, eee5cc2702929fd41cce28058dc6d6717f723f87]
 2.6.32-upstream-stable: ignored
 sid: released (3.13.4-1)
 3.16-jessie-security: N/A "Fixed before initial release"
-3.2-wheezy-security:
+3.2-wheezy-security: ignored "Doesn't appear to be fixable without major locking changes"
 2.6.32-squeeze-security: ignored "Doesn't appear to be fixable without major locking changes"
 3.16-upstream-stable: N/A "Fixed before initial release"
 3.2-upstream-stable:
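
Review bot: The new 3.2-wheezy-security line reuses the squeeze wording ("Doesn't appear to be fixable without major locking changes"), but the specific findings in the log message are not recorded in the Notes section: the other changes that 3.2 would need, and the aufs fix-up for the changed structures. A further bwh> line there would keep that reasoning in the tracker file itself rather than only in the commit log. The trailing context line "3.2-upstream-stable:" is also still empty although the 3.2 backport has been given up, so either set it in this change or note why it stays open.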



