[stable] vfs: deal with deadlock in d_walk()

These upstream commits:

commit 946e51f2bf37f1656916eb75bd0742ba33983c28
Author: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date:   Sun Oct 26 19:19:16 2014 -0400

    move d_rcu from overlapping d_child to overlapping d_alias

commit ca5358ef75fc69fee5322a38a340f5739d997c10
Author: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date:   Sun Oct 26 19:31:10 2014 -0400

    deal with deadlock in d_walk()

fix a local denial-of-service vulnerability, designated CVE-2014-8559.

So far, they have only been applied in stable versions 3.18.1 and (with
substantial changes) 3.2.66.  However, according to
<https://lkml.org/lkml/2014/10/25/179> the bug was introduced by "fs:
dcache avoid starvation in dcache multi-step operations", i.e. commit
58db63d08679 in 2.6.38-rc1.  So all the 3.x branches should be fixed.

The first commit is likely to result in conflicts and/or compiler errors
when applied to any earlier kernel version; they can be resolved by:

- Mechanical substitution in references to struct dentry fields:
  s/d_alias/d_u.d_alias/; s/d_u\.d_child/d_child/
- For versions before 3.15, moving the WARN_ON() to d_free() rather than
  dentry_free()

I think the second commit should apply cleanly to 3.12 and later, but
for earlier versions the changes to d_walk() need to be replicated in
all the functions that use try_to_ascend().  My backport to 3.2 might
also be suitable for 3.4 and 3.10, but I still haven't had a positive
confirmation from Al that it's correct.

Ben.

-- 
Ben Hutchings
One of the nice things about standards is that there are so many of them.
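
The mechanical substitution described in the message, as an added example that is not part of the original post: a shell filter that applies both renames as whole-identifier matches, so it can be re-run on already converted source. The function name `dentry_field_subst` and the sample C lines are constructed for illustration; it assumes it is run over files in the target tree that still use the old field names.

```shell
#!/bin/sh
# Added example, not from the original message.
# Rewrites struct dentry field references the way the message describes:
#   d_alias -> d_u.d_alias      d_u.d_child -> d_child
# Reads C source on stdin and writes the result on stdout.
dentry_field_subst() {
    # 1. Loop until no whole-identifier d_u.d_child is left. The loop is
    #    needed because each match consumes its trailing delimiter.
    # 2. Hide references that are already d_u.d_alias behind a newline
    #    marker (a newline cannot occur inside a line being edited).
    # 3. Turn each remaining whole-identifier d_alias into the marker.
    # 4. Expand every marker to d_u.d_alias.
    sed -E \
        -e ':c' \
        -e 's/(^|[^A-Za-z0-9_])d_u\.d_child([^A-Za-z0-9_]|$)/\1d_child\2/' \
        -e 'tc' \
        -e 's/d_u\.d_alias/\n/g' \
        -e ':a' \
        -e 's/(^|[^A-Za-z0-9_])d_alias([^A-Za-z0-9_]|$)/\1\n\2/' \
        -e 'ta' \
        -e 's/\n/d_u.d_alias/g'
}

# Constructed sample lines (not copied from any kernel tree).
dentry_field_subst <<'EOF'
hlist_for_each_entry(alias, &inode->i_dentry, d_alias) {
list_for_each_entry(child, &parent->d_subdirs, d_u.d_child) {
next = this_parent->d_u.d_child.next;
call_rcu(&dentry->d_u.d_rcu, __d_free);
int nd_alias_count = 0; /* hypothetical identifier, must stay unchanged */
EOF
```

Review the output before committing it: the filter renames every identifier spelled `d_alias`, whether or not it belongs to struct dentry.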
