[kernel] r19253 - in dists/sid/linux/debian: . patches patches/bugfix/all
Ben Hutchings
benh at alioth.debian.org
Sat Jul 14 22:10:00 UTC 2012
Author: benh
Date: Sat Jul 14 22:09:58 2012
New Revision: 19253
Log:
epoll: clear the tfile_check_list on -ELOOP (CVE-2012-3375)
Added:
dists/sid/linux/debian/patches/bugfix/all/epoll-clear-the-tfile_check_list-on-eloop.patch
Modified:
dists/sid/linux/debian/changelog
dists/sid/linux/debian/patches/series
Modified: dists/sid/linux/debian/changelog
==============================================================================
--- dists/sid/linux/debian/changelog Sat Jul 14 15:04:35 2012 (r19252)
+++ dists/sid/linux/debian/changelog Sat Jul 14 22:09:58 2012 (r19253)
@@ -33,6 +33,7 @@
* linux-image: Remove versioned relations where stable version is new enough
* udf: Improve table length check to avoid possible overflow
* CIFS: Respect negotiated MaxMpxCount (deferred from 3.2.14)
+ * epoll: clear the tfile_check_list on -ELOOP (CVE-2012-3375)
-- Ben Hutchings <ben at decadent.org.uk> Fri, 29 Jun 2012 15:01:22 +0100
Added: dists/sid/linux/debian/patches/bugfix/all/epoll-clear-the-tfile_check_list-on-eloop.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux/debian/patches/bugfix/all/epoll-clear-the-tfile_check_list-on-eloop.patch Sat Jul 14 22:09:58 2012 (r19253)
@@ -0,0 +1,39 @@
+From: Jason Baron <jbaron at redhat.com>
+Date: Wed, 25 Apr 2012 16:01:47 -0700
+Subject: epoll: clear the tfile_check_list on -ELOOP
+
+commit 13d518074a952d33d47c428419693f63389547e9 upstream.
+
+An epoll_ctl(,EPOLL_CTL_ADD,,) operation can return '-ELOOP' to prevent
+circular epoll dependencies from being created. However, in that case we
+do not properly clear the 'tfile_check_list'. Thus, add a call to
+clear_tfile_check_list() for the -ELOOP case.
+
+Signed-off-by: Jason Baron <jbaron at redhat.com>
+Reported-by: Yurij M. Plotnikov <Yurij.Plotnikov at oktetlabs.ru>
+Cc: Nelson Elhage <nelhage at nelhage.com>
+Cc: Davide Libenzi <davidel at xmailserver.org>
+Tested-by: Alexandra N. Kossovsky <Alexandra.Kossovsky at oktetlabs.ru>
+Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+ fs/eventpoll.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/fs/eventpoll.c b/fs/eventpoll.c
+index 739b098..c0b3c70 100644
+--- a/fs/eventpoll.c
++++ b/fs/eventpoll.c
+@@ -1663,8 +1663,10 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
+ if (op == EPOLL_CTL_ADD) {
+ if (is_file_epoll(tfile)) {
+ error = -ELOOP;
+- if (ep_loop_check(ep, tfile) != 0)
++ if (ep_loop_check(ep, tfile) != 0) {
++ clear_tfile_check_list();
+ goto error_tgt_fput;
++ }
+ } else
+ list_add(&tfile->f_tfile_llink, &tfile_check_list);
+ }
Modified: dists/sid/linux/debian/patches/series
==============================================================================
--- dists/sid/linux/debian/patches/series Sat Jul 14 15:04:35 2012 (r19252)
+++ dists/sid/linux/debian/patches/series Sat Jul 14 22:09:58 2012 (r19253)
@@ -367,3 +367,4 @@
bugfix/all/scsi-Silence-unnecessary-warnings-about-ioctl-to-par.patch
bugfix/all/udf-Improve-table-length-check-to-avoid-possible-underflow.patch
+bugfix/all/epoll-clear-the-tfile_check_list-on-eloop.patch
More information about the Kernel-svn-changes
mailing list