[kernel] r13412 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Apr 13 01:23:42 UTC 2009
Author: dannf
Date: Mon Apr 13 01:23:41 2009
New Revision: 13412
Log:
* shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
This issue does not effect pre-build Debian kernels.
- bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
See CVE-2009-0859
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
- copied unchanged from r13406, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/24etch1
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog Mon Apr 13 01:05:07 2009 (r13411)
+++ dists/etch-security/linux-2.6/debian/changelog Mon Apr 13 01:23:41 2009 (r13412)
@@ -37,7 +37,10 @@
* [amd64] syscall-audit: fix 32/64 syscall hole
- bugfix/syscall-audit-fix-32+64-syscall-hole.patch
See CVE-2009-0834
-
+ * shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
+ This issue does not effect pre-build Debian kernels.
+ - bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
+ See CVE-2009-0859
-- dann frazier <dannf at debian.org> Tue, 24 Feb 2009 23:49:22 -0700
linux-2.6 (2.6.18.dfsg.1-24) stable; urgency=high
Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch (from r13406, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch Mon Apr 13 01:23:41 2009 (r13412, copy of r13406, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch)
@@ -0,0 +1,46 @@
+commit a68e61e8ff2d46327a37b69056998b47745db6fa
+Author: Tony Battersby <tonyb at cybernetics.com>
+Date: Wed Feb 4 15:12:04 2009 -0800
+
+ shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
+
+ shm_get_stat() assumes that the inode is a "struct shmem_inode_info",
+ which is incorrect for !CONFIG_SHMEM (see fs/ramfs/inode.c:
+ ramfs_get_inode() vs. mm/shmem.c: shmem_get_inode()).
+
+ This bad assumption can cause shmctl(SHM_INFO) to lockup when
+ shm_get_stat() tries to spin_lock(&info->lock). Users of !CONFIG_SHMEM
+ may encounter this lockup simply by invoking the 'ipcs' command.
+
+ Reported by Jiri Olsa back in February 2008:
+ http://lkml.org/lkml/2008/2/29/74
+
+ Signed-off-by: Tony Battersby <tonyb at cybernetics.com>
+ Cc: Jiri Kosina <jkosina at suse.cz>
+ Reported-by: Jiri Olsa <olsajiri at gmail.com>
+ Cc: Hugh Dickins <hugh at veritas.com>
+ Cc: <stable at kernel.org> [2.6.everything]
+ Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org
+
+diff -urpN a/ipc/shm.c b/ipc/shm.c
+--- a/ipc/shm.c 2009-04-05 19:32:23.000000000 -0600
++++ b/ipc/shm.c 2009-04-06 00:01:41.000000000 -0600
+@@ -630,11 +630,15 @@ static void shm_get_stat(struct ipc_name
+ struct address_space *mapping = inode->i_mapping;
+ *rss += (HPAGE_SIZE/PAGE_SIZE)*mapping->nrpages;
+ } else {
++#ifdef CONFIG_SHMEM
+ struct shmem_inode_info *info = SHMEM_I(inode);
+ spin_lock(&info->lock);
+ *rss += inode->i_mapping->nrpages;
+ *swp += info->swapped;
+ spin_unlock(&info->lock);
++#else
++ *rss += inode->i_mapping->nrpages;
++#endif
+ }
+
+ total++;
Modified: dists/etch-security/linux-2.6/debian/patches/series/24etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/24etch1 Mon Apr 13 01:05:07 2009 (r13411)
+++ dists/etch-security/linux-2.6/debian/patches/series/24etch1 Mon Apr 13 01:23:41 2009 (r13412)
@@ -72,3 +72,4 @@
+ bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch
+ bugfix/all/skfp-fix-inverted-cap-logic.patch
+ bugfix/syscall-audit-fix-32+64-syscall-hole.patch
++ bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
More information about the Kernel-svn-changes
mailing list