First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 119087
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
fix-double-decrement-in-sys_mq_open.patch fix-double-decrement-in-sys_mq_open.patch patch Kerin Millar 2006-01-15 20:30 0000 2.60 KB Details | Diff
fix-double-decrement-in-sys_mq_open.patch fix-double-decrement-in-sys_mq_open.patch (inc. git header) patch Kerin Millar 2006-01-15 20:35 0000 3.71 KB Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 119087 depends on: Show dependency tree
Show dependency graph
Bug 119087 blocks:

Additional Comments: (this is where you put emerge --info)







View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-01-15 06:24 0000 
From: Alexander Viro <aviro@redhat.com>
Date: Sat, 14 Jan 2006 20:29:55 +0000 (-0500)
Subject: [PATCH] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open
X-Git-Url:
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7c7dce9209161eb260cdf9e9172f72c3a02379e6

[PATCH] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open

Fixed the refcounting on failure exits in sys_mq_open() and
cleaned the logics up.  Rules are actually pretty simple - dentry_open()
expects vfsmount and dentry to be pinned down and it either transfers
them into created struct file or drops them.  Old code had been very
confused in that area - if dentry_open() had failed either in do_open()
or do_create(), we ended up dentry and mqueue_mnt dropped twice, once
by dentry_open() cleanup and then by sys_mq_open().

Fix consists of making the rules for do_create() and do_open()
same as for dentry_open() and updating the sys_mq_open() accordingly;
that actually leads to more straightforward code and less work on
normal path.

Signed-off-by: Al Viro <aviro@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

------- Comment #1 From Tim Yamin (RETIRED) 2006-01-15 06:57:41 0000 ------- 
CCing maintainers:

ck-sources-2.6: marineam
gentoo-sources-2.6: dsd
hardened-sources-2.6: kerframil/hardened
hppa-sources-2.6: GMSoft
mips-sources-2.6: Kumba
rsbac-sources-2.6: kang
suspend2-sources-2.6: brix
xbox-sources-2.6: gimli

------- Comment #2 From Kerin Millar 2006-01-15 20:30:06 0000 ------- 
Created an attachment (id=77224) [edit]
fix-double-decrement-in-sys_mq_open.patch

Patch. Applies against 2.6.14 and 2.6.15 (not sure about earlier versions).

------- Comment #3 From Kerin Millar 2006-01-15 20:35:07 0000 ------- 
Created an attachment (id=77226) [edit]
fix-double-decrement-in-sys_mq_open.patch (inc. git header)

Revision. Exactly the same, just added the git header stuff and commit message
at the top.

------- Comment #4 From Guy Martin 2006-01-16 08:16:49 0000 ------- 
hppa-sources-2.6.15.1_p4 in CVS.

------- Comment #5 From Daniel Drake 2006-01-31 15:49:58 0000 ------- 
Fixed in gentoo-sources-2.6.15-r2 (genpatches-2.6.15-4) and Linux 2.6.15.2

------- Comment #6 From Kerin Millar 2006-02-01 10:23:43 0000 ------- 
Fixed in hardened-sources-2.6.15-r5 and genpatches-2.6.14-10.

------- Comment #7 From Henrik Brix Andersen 2006-02-02 04:34:18 0000 ------- 
Fixed in suspend2-sources-2.6.15-r5.

------- Comment #8 From Tim Yamin (RETIRED) 2006-04-20 10:54:56 0000 ------- 
All fixed now, thanks!
First Last Prev Next    No search results available      Search page      Enter new bug