rpms/kernel/F-7 linux-2.6.25.2-incremental.patch, NONE, 1.1 kernel-2.6.spec, 1.3437, 1.3438

Chuck Ebbert (cebbert) fedora-extras-commits at redhat.com
Wed May 14 16:37:45 UTC 2008


Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31915

Modified Files:
	kernel-2.6.spec 
Added Files:
	linux-2.6.25.2-incremental.patch 
Log Message:
* Wed May 14 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.23.17-87
- Security fix: CVE-2008-1669 (taken from 2.6.25.2)


linux-2.6.25.2-incremental.patch:

--- NEW FILE linux-2.6.25.2-incremental.patch ---
2.6.25.2 security fix (CVE-2008-1669)

--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1750,6 +1750,7 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd,
 	struct file_lock *file_lock = locks_alloc_lock();
 	struct flock flock;
 	struct inode *inode;
+	struct file *f;
 	int error;
 
 	if (file_lock == NULL)
@@ -1822,7 +1823,15 @@ again:
 	 * Attempt to detect a close/fcntl race and recover by
 	 * releasing the lock that was just acquired.
 	 */
-	if (!error && fcheck(fd) != filp && flock.l_type != F_UNLCK) {
+	/*
+	 * we need that spin_lock here - it prevents reordering between
+	 * update of inode->i_flock and check for it done in close().
+	 * rcu_read_lock() wouldn't do.
+	 */
+	spin_lock(&current->files->file_lock);
+	f = fcheck(fd);
+	spin_unlock(&current->files->file_lock);
+	if (!error && f != filp && flock.l_type != F_UNLCK) {
 		flock.l_type = F_UNLCK;
 		goto again;
 	}
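Review bot: The pointer `f` is read under `current->files->file_lock` but compared with `filp` only after the lock is dropped. That is safe only because `f` is never dereferenced in the lines shown, and the new comment should say so, so that a later change does not start using `f` without taking a reference. Suggested addition to the comment: `f is only compared against filp below, never dereferenced, so no reference is held`. The lookup also runs when `error` is already non-zero, where its result is unused; this appears harmless, but testing `!error && flock.l_type != F_UNLCK` before taking the lock would avoid it. The body of fcntl_setlk starts and ends outside this hunk, so other uses of `f` cannot be ruled out from here.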
@@ -1878,6 +1887,7 @@ int fcntl_setlk64(unsigned int fd, struct file *filp, unsigned int cmd,
 	struct file_lock *file_lock = locks_alloc_lock();
 	struct flock64 flock;
 	struct inode *inode;
+	struct file *f;
 	int error;
 
 	if (file_lock == NULL)
@@ -1950,7 +1960,10 @@ again:
 	 * Attempt to detect a close/fcntl race and recover by
 	 * releasing the lock that was just acquired.
 	 */
-	if (!error && fcheck(fd) != filp && flock.l_type != F_UNLCK) {
+	spin_lock(&current->files->file_lock);
+	f = fcheck(fd);
+	spin_unlock(&current->files->file_lock);
+	if (!error && f != filp && flock.l_type != F_UNLCK) {
 		flock.l_type = F_UNLCK;
 		goto again;
 	}
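Review bot: The fcntl_setlk64 copy of the recheck takes the same spinlock but lacks the comment that explains why in fcntl_setlk. A reader of this function alone sees a lock held around a single lookup with no stated reason, and may later replace it with `rcu_read_lock()` and reopen the race. Repeat the rationale here, for example `/* file_lock, not RCU: orders the inode->i_flock update against the check in close() */`. The two rechecks are now identical sequences, so a small static helper shared by both functions would keep them from drifting apart. The function body extends beyond the hunk on both sides.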



Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-7/kernel-2.6.spec,v
retrieving revision 1.3437
retrieving revision 1.3438
diff -u -r1.3437 -r1.3438
--- kernel-2.6.spec	31 Mar 2008 21:34:39 -0000	1.3437
+++ kernel-2.6.spec	14 May 2008 16:35:02 -0000	1.3438
@@ -496,8 +496,10 @@
 
 %endif
 
-# -stable RC
-#Patch02: patch-2.6.23.9-rc1.bz2
+# these apply even to -vanilla kernels
+Patch02: linux-2.6-build-nonintconfig.patch
+# CVE-2008-1669
+Patch03: linux-2.6.25.2-incremental.patch
 
 %if !%{nopatches}
 
@@ -532,7 +534,6 @@
 Patch130: linux-2.6-ibmvscsi-schizo.patch
 Patch140: linux-2.6-pmac-zilog.patch
 
-Patch150: linux-2.6-build-nonintconfig.patch
 Patch160: linux-2.6-execshield.patch
 Patch170: linux-2.6-modsign-mpilib.patch
 Patch180: linux-2.6-modsign-crypto.patch
@@ -1113,6 +1114,10 @@
 # builds (as used in the buildsystem).
 ApplyPatch linux-2.6-build-nonintconfig.patch
 
+# fixes applied to -vanilla
+# CVE-2008-1669
+ApplyPatch linux-2.6.25.2-incremental.patch
+
 %if !%{nopatches}
 
 # Revert -stable pieces we get from elsewhere here
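Review bot: The comments `# fixes applied to -vanilla` and `# CVE-2008-1669` do not say what the patch touches or why it is applied ahead of the `nopatches` conditional, and the file name carries 2.6.25.2 while the changelog shows this package is 2.6.23.17. A fuller comment would help whoever next rebases the kernel decide whether the patch is still needed, for example `# CVE-2008-1669: fcntl_setlk()/close() race in fs/locks.c, backported from 2.6.25.2;` followed by `# applied outside the nopatches conditional so -vanilla builds are fixed too`. The same terse `# CVE-2008-1669` comment appears at the Patch03 declaration in the first hunk of this file. The hunk offsets in the added patch are presumably those of 2.6.25, so it is worth confirming in the build log that both fs/locks.c rechecks applied to the 2.6.23.17 tree.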
@@ -2345,8 +2350,11 @@
 %endif
 
 %changelog
+* Wed May 14 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.23.17-87
+- Security fix: CVE-2008-1669 (taken from 2.6.25.2)
+
 * Mon Mar 31 2008 Jarod Wilson <jwilson at redhat.com> 2.6.23.17-86
-- Patch up paranoid iret cs reg corruption crasher on x86_64 (#431314)
+- Patch up paranoid iret cs reg corruption crasher on x86_64 (F8 #431314)
 
 * Thu Mar 27 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.23.17-85
 - Revert ACPI EC init patch that has been reverted in F8.



