Linux 2.6.25.2 - Kernel


  1. Linux 2.6.25.2

    We (the -stable team) are announcing the release of the 2.6.25.2 kernel.

    It fixes one pretty nasty security bug. All users of the 2.6.25 series
    are strongly encouraged to upgrade.

    Many thanks to Al Viro for finding and fixing this problem.

    I'll also be replying to this message with a copy of the patch between
    2.6.25.1 and 2.6.25.2

    The updated 2.6.25.y git tree can be found at:
    git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.6.25.y.git
    and can be browsed at the normal kernel.org git web browser:
    http://git.kernel.org/?p=linux/kerne....git;a=summary

    thanks,

    greg k-h

    --------

    Makefile | 2 +-
    fs/locks.c | 17 +++++++++++++++--
    2 files changed, 16 insertions(+), 3 deletions(-)


    Al Viro (1):
    fix SMP ordering hole in fcntl_setlk() (CVE-2008-1669)

    Greg Kroah-Hartman (1):
    Linux 2.6.25.2

    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  2. Re: Linux 2.6.25.2

    diff --git a/Makefile b/Makefile
    index 675d37c..621f7b3 100644
    --- a/Makefile
    +++ b/Makefile
    @@ -1,7 +1,7 @@
    VERSION = 2
    PATCHLEVEL = 6
    SUBLEVEL = 25
    -EXTRAVERSION = .1
    +EXTRAVERSION = .2
    NAME = Funky Weasel is Jiggy wit it

    # *DOCUMENTATION*
    diff --git a/fs/locks.c b/fs/locks.c
    index 43c0af2..159e0f6 100644
    --- a/fs/locks.c
    +++ b/fs/locks.c
    @@ -1750,6 +1750,7 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd,
    struct file_lock *file_lock = locks_alloc_lock();
    struct flock flock;
    struct inode *inode;
    + struct file *f;
    int error;

    if (file_lock == NULL)
    @@ -1822,7 +1823,15 @@ again:
    * Attempt to detect a close/fcntl race and recover by
    * releasing the lock that was just acquired.
    */
    - if (!error && fcheck(fd) != filp && flock.l_type != F_UNLCK) {
    + /*
    + * we need that spin_lock here - it prevents reordering between
    + * update of inode->i_flock and check for it done in close().
    + * rcu_read_lock() wouldn't do.
    + */
    + spin_lock(&current->files->file_lock);
    + f = fcheck(fd);
    + spin_unlock(&current->files->file_lock);
    + if (!error && f != filp && flock.l_type != F_UNLCK) {
    flock.l_type = F_UNLCK;
    goto again;
    }
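
    Review bot: At `again:` in fcntl_setlk(), the new spin_lock()/fcheck()/spin_unlock() sequence runs unconditionally, including when `error` is non-zero or `flock.l_type` is already F_UNLCK, and in those cases the value of `f` is never used. Consider testing `!error && flock.l_type != F_UNLCK` first and taking `current->files->file_lock` only when the comparison with `filp` will actually be made. The added comment could also say that `f` is only compared against `filp` after the unlock and never dereferenced, since a reader will otherwise wonder whether using it outside the lock is safe.
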
    @@ -1878,6 +1887,7 @@ int fcntl_setlk64(unsigned int fd, struct file *filp, unsigned int cmd,
    struct file_lock *file_lock = locks_alloc_lock();
    struct flock64 flock;
    struct inode *inode;
    + struct file *f;
    int error;

    if (file_lock == NULL)
    @@ -1950,7 +1960,10 @@ again:
    * Attempt to detect a close/fcntl race and recover by
    * releasing the lock that was just acquired.
    */
    - if (!error && fcheck(fd) != filp && flock.l_type != F_UNLCK) {
    + spin_lock(&current->files->file_lock);
    + f = fcheck(fd);
    + spin_unlock(&current->files->file_lock);
    + if (!error && f != filp && flock.l_type != F_UNLCK) {
    flock.l_type = F_UNLCK;
    goto again;
    }
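
    Review bot: The fcntl_setlk64() change at `again:` takes `current->files->file_lock` around fcheck(fd) without the comment that the fcntl_setlk() hunk carries, the one explaining that the spinlock prevents reordering against the check in close() and that rcu_read_lock() wouldn't do. Either repeat that comment here or move the locked fcheck() into a small helper used by both functions; the two sequences are identical, and a shared helper keeps the locking and its explanation from drifting apart.
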
