Bug 711205 - [REGRESSION] In rt31.64.el5rt regression in signal.c
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel
Version: 2.0
Hardware: All
OS: Linux
unspecified
high
Target Milestone: 2.0.2
Assignee: Luis Claudio R. Goncalves
QA Contact: David Sommerseth
URL:
Whiteboard:
Depends On: 711198
Blocks:
Reported: 2011-06-06 19:56 UTC by Jeremy Eder
Modified: 2016-05-22 23:32 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The fix to a possible signal spoofing case in the kernel implemented a set of too strict checks related to si_code.
Consequence: User space glibc's aio implementation receives permission errors (EPERM) in legitimate requests.
Fix: relax the si_code check, observing the security implications fixed before.
Result: restore previous behavior.
Clone Of: 711198
Environment:
Last Closed: 2011-08-22 05:56:50 UTC
Target Upstream Version:




Links
System: Red Hat Product Errata
ID: RHBA-2011:1192
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Red Hat Enterprise MRG 2.0 Realtime bug fix and enhancement update
Last Updated: 2011-08-22 05:56:45 UTC

Comment 3 Paul Morgan 2011-06-09 22:11:15 UTC
posting a public comment for searchability...

original symptom:

------------[ cut here ]------------
WARNING: at kernel/signal.c:2487 sys_rt_sigqueueinfo+0x66/0x9c()
Hardware name: ProLiant BL460c G6
Modules linked in: [snip]
Pid: 7548, comm: umestored Not tainted 2.6.33.9-rt31.64.el5rt #1
Call Trace:
 [<ffffffff81054a1f>] ? sys_rt_sigqueueinfo+0x66/0x9c
 [<ffffffff81042403>] warn_slowpath_common+0x7c/0x94
 [<ffffffff8104242f>] warn_slowpath_null+0x14/0x16
 [<ffffffff81054a1f>] sys_rt_sigqueueinfo+0x66/0x9c
 [<ffffffff81002cdb>] system_call_fastpath+0x16/0x1b
---[ end trace 1841b12aaca9853b ]---

cause: 

commit da48524eb20662618854bb3df2db01fc65f3070c included in kernel-rt-2.6.33.9-rt31.64.el5rt

solution:

deploy kernel-rt-2.6.33.9-rt31.65.el5rt, which includes
commit 243b422af9ea9af4ead07a8ad54c90d4f9b6081a

Significant testing with an in-house reproducer indicates kernel-rt-2.6.33.9-rt31.65.el5rt is a clean fix.

Comment 4 Luis Claudio R. Goncalves 2011-07-18 16:34:14 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: The fix to a possible signal spoofing case in the kernel implemented a set of too strict checks related to si_code.
Consequence: User space glibc's aio implementation receives permission errors (EPERM) in legitimate requests.
Fix: relax the si_code check, observing the security implications fixed before. 
Result: restore previous behavior.
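
Added example, not part of the bug report or of the kernel tree: a user-space C model of the si_code gate that the technical note above describes, comparing the too-strict check with the relaxed one. The two predicates are assumptions reconstructed from the upstream commits named in comments 3 and 5, the function names are hypothetical, and SI_ASYNCIO stands in for the code glibc's aio completion notification sends.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>

/* ASSUMED shape of the too-strict check: only SI_QUEUE passes. */
static int strict_gate(int si_code)
{
    return si_code != SI_QUEUE ? -EPERM : 0;
}

/* ASSUMED shape of the relaxed check: refuse kernel-range codes (>= 0) and
 * SI_TKILL, which the kernel itself sets for tkill()/tgkill(). */
static int relaxed_gate(int si_code)
{
    return (si_code >= 0 || si_code == SI_TKILL) ? -EPERM : 0;
}

/* ASSUMED warning condition: a rejected code that is negative, i.e. one the
 * kernel accepted before the spoofing fix. */
static int warns(int (*gate)(int), int si_code)
{
    return gate(si_code) != 0 && si_code < 0;
}

int main(void)
{
    /* Constructed sample set: the si_code values defined in <signal.h>. */
    static const struct { const char *name; int code; } codes[] = {
        { "SI_USER", SI_USER }, { "SI_KERNEL", SI_KERNEL },
        { "SI_TKILL", SI_TKILL }, { "SI_QUEUE", SI_QUEUE },
        { "SI_TIMER", SI_TIMER }, { "SI_MESGQ", SI_MESGQ },
        { "SI_ASYNCIO", SI_ASYNCIO }, { "SI_SIGIO", SI_SIGIO },
    };
    printf("%-11s %5s  %-14s %s\n", "si_code", "value", "strict", "relaxed");
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        int c = codes[i].code;
        printf("%-11s %5d  %-6s%-8s %s\n", codes[i].name, c,
               strict_gate(c) ? "EPERM" : "ok",
               warns(strict_gate, c) ? " +WARN" : "",
               relaxed_gate(c) ? "EPERM" : "ok");
    }
    return 0;
}
```

In this model the relaxed gate still refuses SI_USER, SI_KERNEL and SI_TKILL, which is the spoofing protection the note says must be preserved, while SI_ASYNCIO and the other negative codes pass again.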

Comment 5 David Sommerseth 2011-08-11 15:38:46 UTC
Verified by code review.

Found upstream commit 243b422af9ea9af4ead07a8ad54c90d4f9b6081a applied to mrg-rt dev tree as 061d9bef7d6672d8cad37aedfa7e57e7e77c34e6 applied to kernel-rt-2.6.33.9-rt31.73.src.rpm.

Comment 6 errata-xmlrpc 2011-08-22 05:56:50 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1192.html

