Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 651373 - NULL pointer dereference in reading vs. truncating race
NULL pointer dereference in reading vs. truncating race
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel (Show other bugs)
6.0
All Linux
low Severity high
: rc
: ---
Assigned To: Johannes Weiner
Red Hat Kernel QE team
:
: 661892 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-11-09 07:32 EST by Johannes Weiner
Modified: 2015-08-31 23:50 EDT (History)
2 users (show)

See Also:
Fixed In Version: kernel-2.6.32-83.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-05-19 08:39:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
proposed patch (657 bytes, text/plain)
2011-03-26 11:43 EDT, IBM Bug Proxy 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0542 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update 2011-05-19 07:58:07 EDT

  None (edit)
Description Johannes Weiner 2010-11-09 07:32:15 EST 
A read() with concurrent truncation opens up a tiny race window that crashes the kernel.

If the read() path finds a page in the page cache that is not yet fully read from disk but truncated again before the reader acquires the page lock, the kernel will crash with a NULL pointer dereference.
Comment 2 RHEL Product and Program Management 2010-11-16 11:31:08 EST 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.
Comment 3 Aristeu Rozanski 2010-11-17 14:47:37 EST 
Patch(es) available on kernel-2.6.32-83.el6
Comment 5 Steve Best 2010-12-09 16:38:59 EST 
*** Bug 661892 has been marked as a duplicate of this bug. ***
Comment 7 IBM Bug Proxy 2011-03-26 11:43:47 EDT 
------- Comment From sbest@us.ibm.com 2010-11-04 08:41 EDT-------
Dave, thanks for posting upstream.

http://www.spinics.net/lists/linux-mm/msg10985.html

------- Comment From sbest@us.ibm.com 2010-11-09 10:54 EDT-------
Johannes Weiner at RH just posted this patch to rh kernel mailing list.
rh bz is https://bugzilla.redhat.com/show_bug.cgi?id=651373

------- Comment From haveblue@us.ibm.com 2010-11-10 19:22 EDT-------
The patch is in -mm.  Unless something major happens, it's headed into Linus's tree pretty quickly.

------- Comment From haveblue@us.ibm.com 2010-11-16 14:46 EDT-------
Just hit Linus's tree:

http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d056cb965b8fb7c53c564abf28b1962d1061cd3
Comment 8 IBM Bug Proxy 2011-03-26 11:43:53 EDT 
Created attachment 487830 [details]
proposed patch
Comment 10 errata-xmlrpc 2011-05-19 08:39:40 EDT 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0542.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.