rpms/kernel/FC-4 linux-2.6-vm-invalidate_inode_pages2-DoS.patch, NONE, 1.1 kernel-2.6.spec, 1.1514, 1.1515
fedora-cvs-commits at redhat.com
Wed Nov 23 20:24:37 UTC 2005
Author: davej
Update of /cvs/dist/rpms/kernel/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv991
Modified Files:
kernel-2.6.spec
Added Files:
linux-2.6-vm-invalidate_inode_pages2-DoS.patch
Log Message:
32bit integer overflow in invalidate_inode_pages2() (local DoS)
linux-2.6-vm-invalidate_inode_pages2-DoS.patch:
truncate.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
--- NEW FILE linux-2.6-vm-invalidate_inode_pages2-DoS.patch ---
Subject: 32bit integer overflow in invalidate_inode_pages2() (local DoS)
Hello!
Today looking for a way to do atomic page-unmap + removing page from
page cache, I found 32 bit integer overflow in invalidate_inode_pages2_range.
Attached program demonstrates the problem (on x86 with 2.6.14
I quickly get SOFT Lockup trace and after a few seconds entire
userspace locks up (not sure why)).
Seems that all 2.6 kernels are having same problem, 2.6.5 has similar
(though not identical) code.
Please consider this patch below:
--- linux-2.6.14/mm/truncate.c.orig 2005-11-23 16:34:21.000000000 +0200
+++ linux-2.6.14/mm/truncate.c 2005-11-23 16:37:18.000000000 +0200
@@ -291,8 +291,8 @@
* Zap the rest of the file in one hit.
*/
unmap_mapping_range(mapping,
- page_index << PAGE_CACHE_SHIFT,
- (end - page_index + 1)
+ (loff_t)page_index<<PAGE_CACHE_SHIFT,
+ (loff_t)(end - page_index + 1)
<< PAGE_CACHE_SHIFT,
0);
did_range_unmap = 1;
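Review bot: in the length argument of this first unmap_mapping_range() call, the (loff_t) cast is applied to the already-evaluated (end - page_index + 1), so the subtraction and increment still happen in the operands' own width. If that width is 32 bits and end is the maximum index while page_index is 0, the sum wraps to 0 before it is widened. Either cast one operand inside the parentheses, e.g. ((loff_t)end - page_index + 1), or add a comment stating that a zero length is acceptable at this call site. Minor style point: (loff_t)page_index<<PAGE_CACHE_SHIFT drops the spaces around << that the continuation line "<< PAGE_CACHE_SHIFT," keeps.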
@@ -301,8 +301,8 @@
* Just zap this page
*/
unmap_mapping_range(mapping,
- page_index << PAGE_CACHE_SHIFT,
- PAGE_CACHE_SIZE, 0);
+ (loff_t)page_index<<PAGE_CACHE_SHIFT,
+ PAGE_CACHE_SIZE, 0);
}
}
was_dirty = test_clear_page_dirty(page);
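Review bot: the single-page call repeats the (loff_t)page_index<<PAGE_CACHE_SHIFT expression already used in the range call above; computing the byte offset once into a local loff_t ahead of both calls would make the widening explicit and keep the two sites from diverging later. The "PAGE_CACHE_SIZE, 0);" line changes only in whitespace, which adds noise to a security fix and is better left untouched.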
Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-4/kernel-2.6.spec,v
retrieving revision 1.1514
retrieving revision 1.1515
diff -u -r1.1514 -r1.1515
--- kernel-2.6.spec 23 Nov 2005 20:21:15 -0000 1.1514
+++ kernel-2.6.spec 23 Nov 2005 20:24:33 -0000 1.1515
@@ -362,6 +362,7 @@
# VM bits.
Patch2000: linux-2.6-vm-oomkiller-debugging.patch
Patch2001: linux-2.6-vm-silence-atomic-alloc-failures.patch
+Patch2002: linux-2.6-vm-invalidate_inode_pages2-DoS.patch
#
@@ -809,6 +810,8 @@
%patch2000 -p1
# Silence GFP_ATOMIC failures.
%patch2001 -p1
+# Fix 32bit integer overflow in invalidate_inode_pages2()
+%patch2002 -p1
#
# Patches 5000 to 6000 are reserved for new drivers that are about to
@@ -1252,6 +1255,9 @@
%endif
%changelog
+* Wed Nov 23 2005 Dave Jones <davej at redhat.com> [2.6.14-1.1642_FC4]
+- Fix 32bit integer overflow in invalidate_inode_pages2() (local DoS)
+
* Wed Nov 23 2005 Dave Jones <davej at redhat.com> [2.6.14-1.1641_FC4]
- Merge patches likely to end up in 2.6.14.3
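Review bot: the new changelog entry for 2.6.14-1.1642_FC4 labels the fix a local DoS but carries no bug number or upstream reference, so the change cannot be traced from the RPM changelog alone; add the tracking bug or upstream commit reference when one is available. The entry also names invalidate_inode_pages2(), while the patch description locates the overflow in invalidate_inode_pages2_range; naming the function actually patched would help anyone auditing which kernels carry the fix.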