SRU request for LP#249340

SRU request for LP#249340

Stefan Bader-2

https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/249340

Applicable: Gutsy only

SRU justification:

Impact: The patch used to fix (CVE-2008-0598) mm: trim more holes
65e5414318c0af67e05d84664d5de3d9685c16be (gutsy) accidentally dropped a change
that fixed an endless loop in buffered write. This causes upgrades from gutsy to
hardy (and probably other rare cases) to hang.

Fix: Re-add the special case for 0 bytes copied when a zero length segment was
encountered.

Testcase: Verified on a virtual machine. Without the patch the upgrade will
hang, with this fix it will be successful.

--

When all other means of communication fail, try words!



From 451424b0558b16858d436ff5abd1c33f4ef39cf2 Mon Sep 17 00:00:00 2001
From: Stefan Bader <[hidden email]>
Date: Tue, 12 Aug 2008 21:26:15 -0400
Subject: [PATCH] UBUNTU: mm: Fix zero length segment loop

Bug: #249340

The CVE update commit 65e5414318c0af67e05d84664d5de3d9685c16be
    (CVE-2008-0598) mm: trim more holes
to mm/filemap.c accidentally dropped the special handling for zero length
segments as those changes were reverted before the CVE fix was done. Add
the check for zero bytes copied again to go for the next segment in this
case.

Signed-off-by: Stefan Bader <[hidden email]>
---
 mm/filemap.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/mm/filemap.c b/mm/filemap.c
index d511980..802a6bd 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -2167,7 +2167,7 @@ zero_length_segment:
  if (unlikely(status > 0)) /* filesystem did partial write */
  copied = status;
 
- if (likely(copied > 0)) {
+ if (likely(copied >= 0)) {
  written += copied;
  count -= copied;
  pos += copied;
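
Review bot: the changed condition "if (likely(copied >= 0))" has no comment saying why zero is accepted, and the commit message states this same check was already dropped once by accident during the CVE-2008-0598 update. In the visible lines, written, count and pos are adjusted by copied, which changes nothing when copied is 0, so the step to the next segment described in the commit message has to happen in lines below the shown context. A short comment at the "if" stating that copied == 0 must enter this block so a zero length segment is skipped would make the intent visible to whoever next touches or backports this code.
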
--
1.5.4.3


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

Re: SRU request for LP#249340

Tim Gardner-2
Stefan Bader wrote:

> https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/249340
>
> Applicable: Gutsy only
>
> SRU justification:
>
> Impact: The patch used to fix (CVE-2008-0598) mm: trim more holes
> 65e5414318c0af67e05d84664d5de3d9685c16be (gutsy) accidentally dropped a change
> that fixed an endless loop in buffered write. This causes upgrades from gutsy to
> hardy (and probably other rare cases) to hang.
>
> Fix: Re-add the special case for 0 bytes copied when a zero length segment was
> encountered.
>
> Testcase: Verified on a virtual machine. Without the patch the upgrade will
> hang, with this fix it will be successful.
>

ACK
--
Tim Gardner [hidden email]
