
KingofBLASH 03-08-2004 05:04 PM

When will the mremap() kernel bug get patched?
There was an announcement on Slashdot about a new Linux kernel vulnerability. I checked the slackware security page and still no fix. Anybody know an ETA for a fix, and if it's worth worrying about?



trickykid 03-08-2004 05:06 PM

You can get the patches from

Don't necessarily always have to wait for Patrick to make his own for Slackware, etc.

KingofBLASH 03-08-2004 05:17 PM

I know that this is the second mremap() fix. Is this the correct version:

[PATCH] mremap NULL pointer dereference fix

This is a cleaned-up version of a mremap() fix for "move_one_page()"
by Rajesh Venkatasubramanian <>. We could use a NULL
"src" pointer.

Because while we do hold the MM semaphore over the whole sequence, the
destination page table allocation will possibly drop the page table
spinlock. That in turn can cause a clean source page to be stolen by
page reclaim, causing the source-side "get_one_pte_map_nested()" to
return NULL the second time around even if it didn't on the first case.

So we just check "src" again, and get rid of the bogus TLB invalidate
while we're at it.

trickykid 03-08-2004 05:26 PM

Are you using the 2.4.x series or 2.6.x series? 2.4.25 will fix it in that series and I do believe the 2.6.3 is the fix for that series.


Dravis 03-08-2004 05:53 PM

That Slashdot story was a dupe. All they reported was a document that showed more info about the second mremap bug than was initially disclosed. There is no third mremap bug.

It has been known and fixed for a while (kernel 2.4.25 has the fix).
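A quick way to apply the advice in this thread to a particular machine, as an added shell example that is not from the thread or from Slackware: it takes a uname -r style version string and reports whether it is at or past the release the thread names as carrying the fix (2.4.25 for the 2.4 series, 2.6.3 for the 2.6 series). Local suffixes such as -smp are ignored, and series the thread says nothing about are reported as not covered rather than guessed at.

```shell
#!/bin/sh
# Added example (not from the thread): compare a kernel version string
# against the fixed releases named in the thread (2.4.25 and 2.6.3).
# Only the numeric x.y.z prefix is compared; a suffix after the first '-'
# (e.g. "-smp", "-rc1") is dropped, so pre-releases of the fixed version
# are counted as fixed, which is a simplification.

# split_version VERSION -> prints "major minor patch"
split_version() {
    v=${1%%-*}              # strip local suffix
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # bare "2.4" has no patch level
    echo "$major $minor $patch"
}

# kernel_has_mremap_fix VERSION
#   returns 0: at or past the fixed release for its series
#   returns 1: earlier than the fixed release (still affected)
#   returns 2: a series the thread gives no fixed release for
kernel_has_mremap_fix() {
    set -- $(split_version "$1")
    major=$1; minor=$2; patch=$3
    case "$major.$minor" in
        2.4) fixed=25 ;;
        2.6) fixed=3 ;;
        *)   return 2 ;;
    esac
    [ "$patch" -ge "$fixed" ]
}

# Usage: check the running kernel, or a version passed as the first argument.
ver=${1:-$(uname -r)}
rc=0
kernel_has_mremap_fix "$ver" || rc=$?
case $rc in
    0) echo "$ver: at or past the release carrying the mremap() fix" ;;
    1) echo "$ver: earlier than the fixed release; update the kernel" ;;
    2) echo "$ver: series not covered by this check" ;;
esac
```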
