When will the mremap() kernel bug get patched?
There was an announcement on Slashdot about a new Linux kernel vulnerability. I checked the slackware security page and still no fix. Anybody know an ETA for a fix, and if it's worth worrying about?
You can get the patches from www.kernel.org
Don't necessarily always have to wait for Patrick to make his own for Slackware, etc.
I know that this is the second mremap() fix. Is this the correct version:
[PATCH] mremap NULL pointer dereference fix
This is a cleaned-up version of a mremap() fix for "move_one_page()"
by Rajesh Venkatasubramanian <email@example.com>. We could use a NULL
Because while we do hold the MM semaphore over the whole sequence, the
destination page table allocation will possibly drop the page table
spinlock. That in turn can cause a clean source page to be stolen by
page reclaim, causing the source-side "get_one_pte_map_nested()" to
return NULL the second time around even if it didn't on the first case.
So we just check "src" again, and get rid of the bogus TLB invalidate
while we're at it.
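To make the race in that commit message concrete, here is an added, constructed C model of it. It is not kernel code and not part of this thread: the function names mirror the commit message (get_one_pte_map_nested, alloc_one_pte_map, move_one_page), but the structures, the simulated reclaim and the page values are invented for illustration. The destination allocation drops the "spinlock", a clean source page is stolen while it is dropped, and the second source lookup then returns NULL; the unfixed path is modelled as returning -1 where the real code would have dereferenced that NULL, and the fixed path re-checks src exactly as the patch describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NPAGES 4

/* Constructed toy page-table entry: just enough state to model the race. */
typedef struct {
    unsigned long pfn;   /* page frame number, constructed value */
    int present;         /* 0 once the page has been reclaimed */
    int dirty;           /* simulated reclaim only steals clean pages */
} toy_pte;

/* Constructed stand-in for mm_struct plus simulated reclaim state. */
struct toy_mm {
    toy_pte src[NPAGES];
    toy_pte dst[NPAGES];
    int dst_table_allocated;  /* 0: first destination lookup must allocate */
    int reclaim_pending;      /* 1: reclaim runs as soon as the lock is dropped */
    int lock_held;            /* models the page table spinlock */
};

/* Source-side lookup, as in the commit message: NULL if the page is gone. */
static toy_pte *get_one_pte_map_nested(struct toy_mm *mm, int idx)
{
    return mm->src[idx].present ? &mm->src[idx] : NULL;
}

/* Destination lookup. Allocating the table forces the spinlock to be
 * dropped, and that window is where reclaim steals a clean source page. */
static toy_pte *alloc_one_pte_map(struct toy_mm *mm, int idx)
{
    if (!mm->dst_table_allocated) {
        mm->lock_held = 0;                       /* spinlock dropped to allocate */
        if (mm->reclaim_pending) {
            for (int i = 0; i < NPAGES; i++)
                if (mm->src[i].present && !mm->src[i].dirty)
                    mm->src[i].present = 0;      /* clean source page stolen */
            mm->reclaim_pending = 0;
        }
        mm->lock_held = 1;                       /* spinlock re-taken */
        mm->dst_table_allocated = 1;
    }
    return &mm->dst[idx];
}

/* Returns 1 if the entry was moved, 0 if nothing was left to move.
 * With apply_fix == 0 it returns -1 at the point where the unfixed logic
 * would dereference a NULL src (modelled as a return value, not executed). */
static int move_one_page(struct toy_mm *mm, int idx, int apply_fix)
{
    toy_pte *src, *dst;

    mm->lock_held = 1;
    src = get_one_pte_map_nested(mm, idx);
    if (src) {
        dst = alloc_one_pte_map(mm, idx);       /* may drop and re-take the lock */
        src = get_one_pte_map_nested(mm, idx);  /* second lookup: may now be NULL */
        if (!src && !apply_fix) {
            mm->lock_held = 0;
            return -1;                           /* unfixed code oopses here */
        }
        if (src) {                               /* the fix: check src again */
            *dst = *src;                         /* move the entry */
            src->present = 0;
            mm->lock_held = 0;
            return 1;
        }
    }
    mm->lock_held = 0;
    return 0;
}

/* One scenario: a constructed mm with a single source page at index 0. */
static int run_scenario(int dirty, int reclaim_pending, int apply_fix)
{
    struct toy_mm mm;
    memset(&mm, 0, sizeof mm);
    mm.src[0].pfn = 0x1234;    /* constructed value */
    mm.src[0].present = 1;
    mm.src[0].dirty = dirty;
    mm.reclaim_pending = reclaim_pending;
    return move_one_page(&mm, 0, apply_fix);
}

int main(void)
{
    printf("unfixed, clean page, reclaim pending: %d\n", run_scenario(0, 1, 0));
    printf("fixed,   clean page, reclaim pending: %d\n", run_scenario(0, 1, 1));
    printf("fixed,   dirty page, reclaim pending: %d\n", run_scenario(1, 1, 1));
    printf("fixed,   clean page, no reclaim:      %d\n", run_scenario(0, 0, 1));
    return 0;
}
```

The point to take from the model is the check-then-use pattern: holding the MM semaphore for the whole sequence is not enough when an inner step may drop a finer-grained lock, so any pointer obtained before that step has to be looked up and validated again afterwards.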
Are you using the 2.4.x series or 2.6.x series? 2.4.25 will fix it in that series, and I do believe 2.6.3 is the fix for that series.
That Slashdot story was a dupe. All they reported was a document that showed more info about the second mremap bug than was initially disclosed. There is no third mremap bug.
It has been known and fixed for a while (kernel 2.4.25 has the fix).