
kernel-packages team mailing list archive

[Bug 1327300] Re: Regression in commit 8e4e453d548e3c24e9070eda23c52f210951b921

 

This bug was fixed in the package linux - 2.6.32-62.125

---------------
linux (2.6.32-62.125) lucid; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1328140

  [ John Johansen ]

  * SAUCE: (no-up) Fix regression introduced by patch, for CVE-2014-3153
    - LP: #1327300

  [ Kamal Mostafa ]

  * [Config] add debian/gbp.conf

  [ Upstream Kernel Changes ]

  * filter: prevent nla extensions to peek beyond the end of the message
    - LP: #1319561, #1319563
    - CVE-2014-3145
 -- Brad Figg <brad.figg@xxxxxxxxxxxxx>   Mon, 09 Jun 2014 07:11:00 -0700

** Changed in: linux (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3145

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3153

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1327300

Title:
  Regression in commit 8e4e453d548e3c24e9070eda23c52f210951b921

Status in “linux” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Fix Released

Bug description:
  Phil Turnbull reported a problem with the Lucid (2.6.32) backport of
    futex: Always cleanup owner tid in unlock_pi
    commit: 8e4e453d548e3c24e9070eda23c52f210951b921

  In patches-2.6.32.tgz:patches/0003-futex-Always-cleanup-owner-tid-in-unlock_pi.$
  there is this change (ignoring whitespace changes):

          curval = cmpxchg_futex_value_locked(uaddr, uval, newval);
  -
  -               if (curval == -EFAULT)
  +       if (curval)
                  ret = -EFAULT;
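
Review bot: The test `if (curval)` on the added line is only correct when cmpxchg_futex_value_locked returns a status code. The description states that in 2.6.32 the function returns the futex value or -EFAULT, so this check sets ret = -EFAULT for every non-zero futex value, including a successful exchange. Keep the comparison `curval == -EFAULT` in the 2.6.32 backport, or backport the API change the check was written for.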

  which seems to change the behaviour of the function.

  The purpose of the return value of cmpxchg_futex_value_locked changed
  in

  37a9d912b24f96a0591 "futex: Sanitize cmpxchg_futex_value_locked API"

  which is not included in 2.6.32. This patch changes the return value to a
  status code, but in 2.6.32 the return value is the value of the futex or
  -EFAULT. With this backported patch, any futex with a non-zero value will
  return -EFAULT.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1327300/+subscriptions
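
The return-convention mismatch reported in the bug description, as an added user-space C model (not code from the kernel, the patch or the bug report). The names `cmpxchg_old`, `cmpxchg_new`, `unlock_*` and `run` are hypothetical, the out-parameter used for the sanitized convention is an assumption of the model, and 1234 is a constructed TID.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* 2.6.32 convention: returns the futex value, or -EFAULT (model: NULL faults). */
static uint32_t cmpxchg_old(uint32_t *uaddr, uint32_t uval, uint32_t newval)
{
    uint32_t cur = uaddr ? *uaddr : (uint32_t)-EFAULT;
    if (uaddr && cur == uval)
        *uaddr = newval;
    return cur;
}

/* Sanitized convention: returns a status code; the value goes out via *curval. */
static int cmpxchg_new(uint32_t *curval, uint32_t *uaddr, uint32_t uval, uint32_t newval)
{
    if (!uaddr)
        return -EFAULT;
    *curval = cmpxchg_old(uaddr, uval, newval);
    return 0;
}

/* Backported check: a status-code test applied to the old return value. */
static int unlock_backported(uint32_t *uaddr, uint32_t uval)
{
    return cmpxchg_old(uaddr, uval, 0) ? -EFAULT : 0;
}
/* Check that matches the 2.6.32 return convention. */
static int unlock_2_6_32(uint32_t *uaddr, uint32_t uval)
{
    return cmpxchg_old(uaddr, uval, 0) == (uint32_t)-EFAULT ? -EFAULT : 0;
}
/* The same status-code test is correct against the sanitized convention. */
static int unlock_sanitized(uint32_t *uaddr, uint32_t uval)
{
    uint32_t curval;
    return cmpxchg_new(&curval, uaddr, uval, 0) ? -EFAULT : 0;
}
static int run(int (*check)(uint32_t *, uint32_t), uint32_t tid)
{
    uint32_t futex = tid; /* fresh futex word holding a constructed TID */
    return check(&futex, tid);
}
int main(void)
{
    printf("backported=%d 2.6.32=%d sanitized=%d\n", run(unlock_backported, 1234),
           run(unlock_2_6_32, 1234), run(unlock_sanitized, 1234));
    return 0;
}
```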

