[kernel] r13412 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Apr 13 01:23:42 UTC 2009


Author: dannf
Date: Mon Apr 13 01:23:41 2009
New Revision: 13412

Log:
* shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
  This issue does not affect pre-built Debian kernels.
   - bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
  See CVE-2009-0859

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
      - copied unchanged from r13406, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/24etch1

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	Mon Apr 13 01:05:07 2009	(r13411)
+++ dists/etch-security/linux-2.6/debian/changelog	Mon Apr 13 01:23:41 2009	(r13412)
@@ -37,7 +37,10 @@
   * [amd64] syscall-audit: fix 32/64 syscall hole
      - bugfix/syscall-audit-fix-32+64-syscall-hole.patch
     See CVE-2009-0834
-
+  * shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
+    This issue does not effect pre-build Debian kernels.
+     - bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
+    See CVE-2009-0859
  -- dann frazier <dannf at debian.org>  Tue, 24 Feb 2009 23:49:22 -0700
 
 linux-2.6 (2.6.18.dfsg.1-24) stable; urgency=high
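
Review bot: The blank line that separated the last entry from the " -- dann frazier" trailer is removed and not restored after "See CVE-2009-0859", so the new entry now runs straight into the trailer; keep an empty line between the last change line and the trailer. The added text also reads "does not effect pre-build", which should be "does not affect pre-built", and the trailer date (24 Feb 2009) is left unchanged although this entry is added on 13 Apr 2009.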

Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch (from r13406, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch	Mon Apr 13 01:23:41 2009	(r13412, copy of r13406, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch)
@@ -0,0 +1,46 @@
+commit a68e61e8ff2d46327a37b69056998b47745db6fa
+Author: Tony Battersby <tonyb at cybernetics.com>
+Date:   Wed Feb 4 15:12:04 2009 -0800
+
+    shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
+    
+    shm_get_stat() assumes that the inode is a "struct shmem_inode_info",
+    which is incorrect for !CONFIG_SHMEM (see fs/ramfs/inode.c:
+    ramfs_get_inode() vs.  mm/shmem.c: shmem_get_inode()).
+    
+    This bad assumption can cause shmctl(SHM_INFO) to lockup when
+    shm_get_stat() tries to spin_lock(&info->lock).  Users of !CONFIG_SHMEM
+    may encounter this lockup simply by invoking the 'ipcs' command.
+    
+    Reported by Jiri Olsa back in February 2008:
+    http://lkml.org/lkml/2008/2/29/74
+    
+    Signed-off-by: Tony Battersby <tonyb at cybernetics.com>
+    Cc: Jiri Kosina <jkosina at suse.cz>
+    Reported-by: Jiri Olsa <olsajiri at gmail.com>
+    Cc: Hugh Dickins <hugh at veritas.com>
+    Cc: <stable at kernel.org>		[2.6.everything]
+    Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org
+
+diff -urpN a/ipc/shm.c b/ipc/shm.c
+--- a/ipc/shm.c	2009-04-05 19:32:23.000000000 -0600
++++ b/ipc/shm.c	2009-04-06 00:01:41.000000000 -0600
+@@ -630,11 +630,15 @@ static void shm_get_stat(struct ipc_name
+ 			struct address_space *mapping = inode->i_mapping;
+ 			*rss += (HPAGE_SIZE/PAGE_SIZE)*mapping->nrpages;
+ 		} else {
++#ifdef CONFIG_SHMEM
+ 			struct shmem_inode_info *info = SHMEM_I(inode);
+ 			spin_lock(&info->lock);
+ 			*rss += inode->i_mapping->nrpages;
+ 			*swp += info->swapped;
+ 			spin_unlock(&info->lock);
++#else
++			*rss += inode->i_mapping->nrpages;
++#endif
+ 		}
+ 
+ 		total++;
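
Review bot: The header line "Adjusted to apply to Debian's 2.6.24" is carried over unchanged into the linux-2.6 tree, whose changelog context shows 2.6.18.dfsg.1, so it should either be reworded or state that the ipc/shm.c hunk was checked against this tree; the same line is also missing the closing ">" after "dannf at debian.org". In the #else branch only *rss is updated, so a one-line comment saying *swp is intentionally left untouched without CONFIG_SHMEM would make the asymmetry with the #ifdef branch explicit.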

Modified: dists/etch-security/linux-2.6/debian/patches/series/24etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/24etch1	Mon Apr 13 01:05:07 2009	(r13411)
+++ dists/etch-security/linux-2.6/debian/patches/series/24etch1	Mon Apr 13 01:23:41 2009	(r13412)
@@ -72,3 +72,4 @@
 + bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch
 + bugfix/all/skfp-fix-inverted-cap-logic.patch
 + bugfix/syscall-audit-fix-32+64-syscall-hole.patch
++ bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch


