[kernel-sec-discuss] r5431 - retired

Ben Hutchings benh at moszumanska.debian.org
Sat Jul 22 23:38:23 UTC 2017


Author: benh
Date: 2017-07-22 23:38:22 +0000 (Sat, 22 Jul 2017)
New Revision: 5431

Modified:
   retired/CVE-2015-8952
Log:
Note upstream commit that can be backported to mitigate CVE-2015-8952

Modified: retired/CVE-2015-8952
===================================================================
--- retired/CVE-2015-8952	2017-07-22 07:35:26 UTC (rev 5430)
+++ retired/CVE-2015-8952	2017-07-22 23:38:22 UTC (rev 5431)
@@ -6,11 +6,10 @@
 Notes:
  bwh> The upstream fix (rewrite of mbcache) is too intrusive to backport.
  bwh> We will mitigate this with cond_resched() as suggested in comment 1
- bwh> on the bz.k.o bug report.  I don't want to add the no_mbcache mount
- bwh> option as in comment 12 - that is a uAPI extension that we would
- bwh> have to support indefinitely even though it's redundant in new kernel
- bwh> versions.  An alternative would be to make ext4 avoid using mbcache
- bwh> for ceph xattrs (I have an untested patch for this).
+ bwh> on the bz.k.o bug report.  I didn't want to add the no_mbcache mount
+ bwh> option as in comment 12 because it's a uAPI extension, but it has
+ bwh> now been added upstream (commit cdb7ee4c6327) so I think it would be
+ bwh> reasonable to add it to supported stable releases.
  bwh> The problem seems to have been introduced (or exacerbated) by commit
  bwh> 1f3e55fe02d1 in 3.15, which added a retry loop in mb_cache_entry_alloc().
 Bugs:
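Review bot: The rewritten note still says "We will mitigate this with cond_resched()" immediately before the new sentence proposing to add no_mbcache to supported stable releases, so it is unclear whether the mount option is meant to replace that mitigation or to be shipped alongside it; a short clause such as "in addition to cond_resched()" would settle it. The removed sentence about making ext4 avoid mbcache for ceph xattrs also disappears without any word on whether that approach was dropped, which is worth recording for anyone who later looks for the untested patch. Finally, commit cdb7ee4c6327 is cited without the upstream release it landed in, unlike 1f3e55fe02d1 "in 3.15" further down; adding the release would tell backporters which stable branches already carry the option.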



