[kernel] r19253 - in dists/sid/linux/debian: . patches patches/bugfix/all

Ben Hutchings benh at alioth.debian.org
Sat Jul 14 22:10:00 UTC 2012 

Author: benh
Date: Sat Jul 14 22:09:58 2012
New Revision: 19253

Log:
epoll: clear the tfile_check_list on -ELOOP (CVE-2012-3375)

Added:
   dists/sid/linux/debian/patches/bugfix/all/epoll-clear-the-tfile_check_list-on-eloop.patch
Modified:
   dists/sid/linux/debian/changelog
   dists/sid/linux/debian/patches/series

Modified: dists/sid/linux/debian/changelog
==============================================================================
--- dists/sid/linux/debian/changelog	Sat Jul 14 15:04:35 2012	(r19252)
+++ dists/sid/linux/debian/changelog	Sat Jul 14 22:09:58 2012	(r19253)
@@ -33,6 +33,7 @@
   * linux-image: Remove versioned relations where stable version is new enough
   * udf: Improve table length check to avoid possible overflow
   * CIFS: Respect negotiated MaxMpxCount (deferred from 3.2.14)
+  * epoll: clear the tfile_check_list on -ELOOP (CVE-2012-3375)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Fri, 29 Jun 2012 15:01:22 +0100
 

Added: dists/sid/linux/debian/patches/bugfix/all/epoll-clear-the-tfile_check_list-on-eloop.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux/debian/patches/bugfix/all/epoll-clear-the-tfile_check_list-on-eloop.patch	Sat Jul 14 22:09:58 2012	(r19253)
@@ -0,0 +1,39 @@
+From: Jason Baron <jbaron at redhat.com>
+Date: Wed, 25 Apr 2012 16:01:47 -0700
+Subject: epoll: clear the tfile_check_list on -ELOOP
+
+commit 13d518074a952d33d47c428419693f63389547e9 upstream.
+
+An epoll_ctl(,EPOLL_CTL_ADD,,) operation can return '-ELOOP' to prevent
+circular epoll dependencies from being created.  However, in that case we
+do not properly clear the 'tfile_check_list'.  Thus, add a call to
+clear_tfile_check_list() for the -ELOOP case.
+
+Signed-off-by: Jason Baron <jbaron at redhat.com>
+Reported-by: Yurij M. Plotnikov <Yurij.Plotnikov at oktetlabs.ru>
+Cc: Nelson Elhage <nelhage at nelhage.com>
+Cc: Davide Libenzi <davidel at xmailserver.org>
+Tested-by: Alexandra N. Kossovsky <Alexandra.Kossovsky at oktetlabs.ru>
+Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+ fs/eventpoll.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/fs/eventpoll.c b/fs/eventpoll.c
+index 739b098..c0b3c70 100644
+--- a/fs/eventpoll.c
++++ b/fs/eventpoll.c
+@@ -1663,8 +1663,10 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
+ 	if (op == EPOLL_CTL_ADD) {
+ 		if (is_file_epoll(tfile)) {
+ 			error = -ELOOP;
+-			if (ep_loop_check(ep, tfile) != 0)
++			if (ep_loop_check(ep, tfile) != 0) {
++				clear_tfile_check_list();
+ 				goto error_tgt_fput;
++			}
+ 		} else
+ 			list_add(&tfile->f_tfile_llink, &tfile_check_list);
+ 	}

Modified: dists/sid/linux/debian/patches/series
==============================================================================
--- dists/sid/linux/debian/patches/series	Sat Jul 14 15:04:35 2012	(r19252)
+++ dists/sid/linux/debian/patches/series	Sat Jul 14 22:09:58 2012	(r19253)
@@ -367,3 +367,4 @@
 
 bugfix/all/scsi-Silence-unnecessary-warnings-about-ioctl-to-par.patch
 bugfix/all/udf-Improve-table-length-check-to-avoid-possible-underflow.patch
+bugfix/all/epoll-clear-the-tfile_check_list-on-eloop.patch

More information about the Kernel-svn-changes mailing list