Bug 677173 - mpctl module doesn't release fasync_struct at file close [rhel-5.6.z]
Summary: mpctl module doesn't release fasync_struct at file close [rhel-5.6.z]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.4
Hardware: Unspecified
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Jiri Pirko
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On: 660871
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-02-13 20:51 UTC by RHEL Product and Program Management
Modified: 2018-11-14 16:24 UTC (History)
11 users (show)

Fixed In Version: kernel-2.6.18-238.7.1.el5
Doc Type: Bug Fix
Doc Text:
Calling the mptctl_fasync() function to enable async notification caused the fasync_struct data structure, which was allocated, to never be freed. fasync_struct remained on the event list of the mptctl module even after a file was closed and released. After the file was closed, fasync_struct had an invalid file pointer which was dereferenced when the mptctl module called the kill_fasync() function to report any events. The use of the invalid file pointer could result in a deadlock on the system because the send_sigio() function tried to acquire the rwlock in the f_owner field of the previously closed file. With this update, a release callback function has been added for the file operations in the mptctl module. fasync_struct is now properly freed when a file is closed, no longer causing a deadlock.
Clone Of:
Environment:
Last Closed: 2011-04-12 18:20:32 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0429 normal SHIPPED_LIVE Important: kernel security and bug fix update 2011-04-12 18:19:57 UTC

Description RHEL Product and Program Management 2011-02-13 20:51:01 UTC
This bug has been copied from bug #660871 and has been proposed
to be backported to 5.6 z-stream (EUS).

Comment 4 Jiri Pirko 2011-03-04 13:12:41 UTC
in kernel-2.6.18-238.7.1.el5

linux-2.6-message-mptfusion-add-required-mptctl_release-call.patch

Comment 6 errata-xmlrpc 2011-04-12 18:20:32 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0429.html

Comment 7 Martin Prpič 2011-04-14 10:31:28 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Calling the mptctl_fasync() function to enable async notification caused the fasync_struct data structure, which was allocated, to never be freed. fasync_struct remained on the event list of the mptctl module even after a file was closed and released. After the file was closed, fasync_struct had an invalid file pointer which was dereferenced when the mptctl module called the kill_fasync() function to report any events. The use of the invalid file pointer could result in a deadlock on the system because the send_sigio() function tried to acquire the rwlock in the f_owner field of the previously closed file. With this update, a release callback function has been added for the file operations in the mptctl module. fasync_struct is now properly freed when a file is closed, no longer causing a deadlock.


Note You need to log in before you can comment on or make changes to this bug.