[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4E5A35CB.7060005@gentoo.org>
Date: Sun, 28 Aug 2011 15:34:19 +0300
From: Stratos Psomadakis <psomas@...too.org>
To: Greg KH <gregkh@...e.de>
CC: linux-kernel@...r.kernel.org, stable@...nel.org,
stable-review@...nel.org, torvalds@...ux-foundation.org,
akpm@...ux-foundation.org, alan@...rguk.ukuu.org.uk
Subject: Re: [00/19] 2.6.32.46-longterm review
On 08/27/2011 01:01 AM, Greg KH wrote:
> This is the start of the longterm review cycle for the 2.6.32.46 release.
> There are 19 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let us know. If anyone is a maintainer of the proper subsystem, and
> wants to add a Signed-off-by: line to the patch, please respond with it.
>
> Responses should be made by Monday, August 29, 2011, 12:00:00 UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> kernel.org/pub/linux/kernel/v2.6/longterm-review/patch-2.6.32.46-rc1.gz
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Hi,
upstream commit d5aa407f59f5b83d2c50ec88f5bf56d40f1f8978 ("tunnels: fix
netns vs proto registration ordering") , which was included in
2.6.32.44-longterm, was not backported correctly, and results in a NULL
pointer dereference in ip6_tunnel.c for longterm kernels 2.6.32.44 and
2.6.32.45.
The bug has been reported at the Gentoo [1] and Debian [2] bugzillas,
and fixed in the latest grsec-patches [3], but I haven't found a report
for this at the lkml (or at the kernel's bugzilla).
The fix is trivial, and I think it can be included in 2.6.32.46, if
possible.
If you want, I can submit it with a new email to stable@...nel.org.
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 7fb3e02..53e0d51 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1466,7 +1466,7 @@ static int __init ip6_tunnel_init(void)
{
int err;
- err = register_pernet_device(&ip6_tnl_net_ops);
+ err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
if (err < 0)
goto out_pernet;
Btw, this has been fixed in grsec-patches, and an identical patch has
also been posted at the Debian bugzilla, so I'm not sure about the
Signed-off-by and Reported-by tags.
[1] https://bugs.gentoo.org/show_bug.cgi?id=380609
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738
[3] http://grsecurity.net/changelog-stable.txt
--
Stratos Psomadakis
<psomas@...too.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists