Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 17 Jan 2012 22:34:52 -0700
From: Kurt Seifried <>
CC: Eugene Teo <>,
        "Steven M. Christey" <>
Subject: Re: CVE request: kernel: Unused iocbs in a batch should
 not be accounted as active

On 01/17/2012 10:30 PM, Eugene Teo wrote:
> commit 69e4747ee9727d660b88d7e1efe0f4afcb35db1b
> Author: Gleb Natapov <>
> Date:   Sun Jan 8 17:07:28 2012 +0200
>     Unused iocbs in a batch should not be accounted as active.
>     Since commit 080d676de095 ("aio: allocate kiocbs in batches") iocbs
> are allocated in a batch during processing of first iocbs.  All iocbs in
> a batch are automatically added to ctx->active_reqs list and accounted
> in ctx->reqs_active.
>     If one (not the last one) of iocbs submitted by an user fails,
> further iocbs are not processed, but they are still present in
> ctx->active_reqs and accounted in ctx->reqs_active.  This causes process
> to stuck in a D state in wait_for_all_aios() on exit since
> ctx->reqs_active will never go down to zero.  Furthermore since
> kiocb_batch_free() frees iocb without removing it from active_reqs list
> the list become corrupted which may cause oops.
>     Fix this by removing iocb from ctx->active_reqs and updating
> ctx->reqs_active in kiocb_batch_free().
>     Signed-off-by: Gleb Natapov <>
>     Reviewed-by: Jeff Moyer <>
>     Cc:   # 3.2
>     Signed-off-by: Linus Torvalds <>
> Issue introduced in v3.2-rc1 via commit 080d676d.
> Thanks, Eugene
Please use CVE-2012-0058 for this issue


-- Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ