On 10/09/2015 16:17, Ben Hutchings wrote:
On Thu, 2015-09-10 at 14:55 +0100, Ben Hutchings wrote:
Control: tag -1 security patch

On Tue, 2015-08-18 at 20:05 +0200, Xavier Chantry wrote:
Package: src:linux
Version: 3.16.7-ckt11-1
Severity: important

Using Debian 3.16.7-ckt4-3 and a simple test case, we were able to
reproduce a kernel bug in the msync system call.
[...]

I can reproduce this too.  I also found a similar problem with
madvise(..., MADV_REMOVE).  The attached patch (against
3.16.7-ckt11-1+deb8u3) should fix them both.

Actually, try this version instead.

Ben.


Yep, I already figured that this change in msync.c from file to vma->vm_file was the one triggering my problem and I reported it upstream:
https://www.mail-archive.com/[email protected]/msg05167.html

J. R. Okajima acknowledged the problem and that vma->vm_file should not be used; however, he plans to keep the fput on vm_prfile. I guess that's needed when doing msync / madvise on aufs?
https://www.mail-archive.com/[email protected]/msg05169.html
He said he would post a new fix, but only in a few weeks. It doesn't seem that complicated, but well, he looks busy.
