On Thu, 2015-09-10 at 18:39 +0200, Xavier Chantry wrote:
> On 10/09/2015 16:17, Ben Hutchings wrote:
> > On Thu, 2015-09-10 at 14:55 +0100, Ben Hutchings wrote:
> >> Control: tag -1 security patch
> >>
> >> On Tue, 2015-08-18 at 20:05 +0200, Xavier Chantry wrote:
> >>> Package: src:linux
> >>> Version: 3.16.7-ckt11-1
> >>> Severity: important
> >>>
> >>> Using Debian 3.16.7-ckt4-3 and a simple test case, we were able to
> >>> reproduce a kernel bug in the msync system call.
> >> [...]
> >>
> >> I can reproduce this too. I also found a similar problem with
> >> madvise(..., MADV_REMOVE). The attached patch (against
> >> 3.16.7-ckt11-1+deb8u3) should fix them both.
> >
> > Actually, try this version instead.
> >
> > Ben.
> >
>
> Yep, I already figured that this change in msync.c from file to
> vma->vm_file was the one triggering my problem and I reported it upstream:
> https://www.mail-archive.com/[email protected]/msg05167.html
>
> J. R. Okajima acknowledged the problem and that vma->vm_file should not
> be used, however he plans to keep the fput on vm_prfile. I guess that's
> needed when doing msync / madvise on aufs?
> https://www.mail-archive.com/[email protected]/msg05169.html
> He said he would post a new fix, but only in a few weeks. It doesn't
> seem that complicated but well, he looks busy.

In these two places there's nothing using vm_prfile, so there should be no need to get or put the reference.

Ben.

