[linux] 02/07: mbcache: Reschedule before restarting iteration in mb_cache_entry_alloc()

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Tue Mar 14 14:16:59 UTC 2017 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch jessie-security
in repository linux.

commit 57753e8cfd76e239a61a86a2ae79d3d7069d8aa8
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Tue Mar 14 00:44:07 2017 +0000

    mbcache: Reschedule before restarting iteration in mb_cache_entry_alloc()
    
    Mitigates CVE-2015-8952.
    
    We could do better than this (I have an untested patch for ext4 to
    make ceph xattrs uncached) but I don't see any Debian bug reports
    about ceph so I don't think it's worth going further.
---
 debian/changelog                                   |  2 ++
 ...tarting-iteration-in-mb_cache_entry_alloc.patch | 22 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 25 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index ee44e6f..4792e57 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 linux (3.16.39-1+deb8u3) UNRELEASED; urgency=medium
 
   * timer: Restrict timer_stats to initial PID namespace (CVE-2017-5967)
+  * mbcache: Reschedule before restarting iteration in mb_cache_entry_alloc()
+    (mitigates CVE-2015-8952)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Mon, 13 Mar 2017 23:29:39 +0000
 
diff --git a/debian/patches/bugfix/all/mbcache-reschedule-before-restarting-iteration-in-mb_cache_entry_alloc.patch b/debian/patches/bugfix/all/mbcache-reschedule-before-restarting-iteration-in-mb_cache_entry_alloc.patch
new file mode 100644
index 0000000..66a16c3
--- /dev/null
+++ b/debian/patches/bugfix/all/mbcache-reschedule-before-restarting-iteration-in-mb_cache_entry_alloc.patch
@@ -0,0 +1,22 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 13 Mar 2017 23:47:47 +0000
+Subject: mbcache: Reschedule before restarting iteration in mb_cache_entry_alloc()
+Bug: https://bugzilla.kernel.org/show_bug.cgi?id=107301
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2015-8952
+
+When there are too many different xattr sets for mbcache to work
+properly, mb_cache_entry_alloc() may restart repeatedly, leading to
+a soft-lockup.  Add a cond_resched() to mitigate this slightly.
+
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+--- a/fs/mbcache.c
++++ b/fs/mbcache.c
+@@ -529,6 +529,7 @@ mb_cache_entry_alloc(struct mb_cache *ca
+ 					!list_empty(&ce->e_lru_list)) {
+ 					hlist_bl_unlock(ce->e_index_hash_p);
+ 					hlist_bl_unlock(ce->e_block_hash_p);
++					cond_resched();
+ 					l = &mb_cache_lru_list;
+ 					spin_lock(&mb_cache_spinlock);
+ 					continue;
diff --git a/debian/patches/series b/debian/patches/series
index f35e777..ddd05d3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -705,6 +705,7 @@ bugfix/all/tty-n_hdlc-get-rid-of-racy-n_hdlc.tbuf.patch
 bugfix/x86/kvm-nvmx-allow-l1-to-intercept-software-exceptions-bp-and-of.patch
 bugfix/all/irda-fix-lockdep-annotations-in-hashbin_delete.patch
 bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
+bugfix/all/mbcache-reschedule-before-restarting-iteration-in-mb_cache_entry_alloc.patch
 
 # Fix ABI changes
 debian/of-fix-abi-changes.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list