[kernel] r13885 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Jul 6 04:17:09 UTC 2009
Author: dannf
Date: Mon Jul 6 04:17:07 2009
New Revision: 13885
Log:
splice: fix deadlock in ocfs2 (CVE-2009-1961)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/ocfs2-splice-deadlock.patch
- copied, changed from r13882, dists/lenny/linux-2.6/debian/patches/bugfix/all/ocfs2-splice-deadlock.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.2
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Mon Jul 6 04:03:07 2009 (r13884)
+++ dists/etch-security/linux-2.6.24/debian/changelog Mon Jul 6 04:17:07 2009 (r13885)
@@ -6,6 +6,7 @@
* cifs: fix several string conversion issues (CVE-2009-1633)
* [sparc64] Fix crash when reading /proc/iomem w/ heap memory checking
(CVE-2009-1914)
+ * splice: fix deadlock in ocfs2 (CVE-2009-1961)
-- dann frazier <dannf at debian.org> Sat, 06 Jun 2009 09:49:28 -0600
Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/ocfs2-splice-deadlock.patch (from r13882, dists/lenny/linux-2.6/debian/patches/bugfix/all/ocfs2-splice-deadlock.patch)
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/bugfix/all/ocfs2-splice-deadlock.patch Sun Jul 5 21:39:24 2009 (r13882, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/ocfs2-splice-deadlock.patch Mon Jul 6 04:17:07 2009 (r13885)
@@ -33,12 +33,12 @@
Cc: stable at kernel.org
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
-Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Backported to Debian's 2.6.24 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.26.orig/fs/ocfs2/file.c linux-source-2.6.26/fs/ocfs2/file.c
---- linux-source-2.6.26.orig/fs/ocfs2/file.c 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/fs/ocfs2/file.c 2009-06-09 00:15:54.000000000 -0600
-@@ -2089,7 +2089,7 @@ static ssize_t ocfs2_file_splice_write(s
+diff -urpN linux-source-2.6.24.orig/fs/ocfs2/file.c linux-source-2.6.24/fs/ocfs2/file.c
+--- linux-source-2.6.24.orig/fs/ocfs2/file.c 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/fs/ocfs2/file.c 2009-07-05 21:37:39.000000000 -0600
+@@ -2056,7 +2056,7 @@ static ssize_t ocfs2_file_splice_write(s
out->f_path.dentry->d_name.len,
out->f_path.dentry->d_name.name);
@@ -47,7 +47,7 @@
ret = ocfs2_rw_lock(inode, 1);
if (ret < 0) {
-@@ -2104,12 +2104,16 @@ static ssize_t ocfs2_file_splice_write(s
+@@ -2071,12 +2071,16 @@ static ssize_t ocfs2_file_splice_write(s
goto out_unlock;
}
@@ -65,10 +65,10 @@
mlog_exit(ret);
return ret;
-diff -urpN linux-source-2.6.26.orig/fs/splice.c linux-source-2.6.26/fs/splice.c
---- linux-source-2.6.26.orig/fs/splice.c 2009-05-11 12:06:55.000000000 -0600
-+++ linux-source-2.6.26/fs/splice.c 2009-06-09 00:17:13.000000000 -0600
-@@ -726,10 +726,19 @@ ssize_t splice_from_pipe(struct pipe_ino
+diff -urpN linux-source-2.6.24.orig/fs/splice.c linux-source-2.6.24/fs/splice.c
+--- linux-source-2.6.24.orig/fs/splice.c 2008-10-10 00:11:29.000000000 -0600
++++ linux-source-2.6.24/fs/splice.c 2009-07-05 21:35:23.000000000 -0600
+@@ -738,10 +738,19 @@ ssize_t splice_from_pipe(struct pipe_ino
* ->commit_write. Most of the time, these expect i_mutex to
* be held. Since this may result in an ABBA deadlock with
* pipe->inode, we have to order lock acquiry here.
@@ -90,24 +90,3 @@
return ret;
}
-@@ -820,11 +829,17 @@ generic_file_splice_write(struct pipe_in
- };
- ssize_t ret;
-
-- inode_double_lock(inode, pipe->inode);
-+ WARN_ON(S_ISFIFO(inode->i_mode));
-+ mutex_lock_nested(&inode->i_mutex, I_MUTEX_PARENT);
- ret = remove_suid(out->f_path.dentry);
-- if (likely(!ret))
-+ if (likely(!ret)) {
-+ if (pipe->inode)
-+ mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_CHILD);
- ret = __splice_from_pipe(pipe, &sd, pipe_to_file);
-- inode_double_unlock(inode, pipe->inode);
-+ if (pipe->inode)
-+ mutex_unlock(&pipe->inode->i_mutex);
-+ }
-+ mutex_unlock(&inode->i_mutex);
- if (ret > 0) {
- unsigned long nr_pages;
-
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.2
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.2 Mon Jul 6 04:03:07 2009 (r13884)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.2 Mon Jul 6 04:17:07 2009 (r13885)
@@ -6,3 +6,4 @@
+ features/ich10-raid-mode-sata-controller-ids.patch
+ bugfix/all/stable/2.6.24.6.patch
+ bugfix/all/stable/2.6.24.7.patch
++ bugfix/all/ocfs2-splice-deadlock.patch
More information about the Kernel-svn-changes
mailing list