
Bug#284356: New release changed symbols thus rendering modules unloadable



On Mon, Dec 13, 2004 at 09:46:56PM +0900, Horms wrote:
> On Mon, Dec 06, 2004 at 05:20:08PM +0100, Thomas Hood wrote:
> > 
> > The original report (#284356) was submitted by Joey Hess and made no
> > reference to proprietary modules.  This affects modules shipped by
> > Debian too.
> > 
> > The problem is that a new Debian release of the "same" kernel (2.4.27-1)
> > has changed symbol version suffixes, thus breaking modules that were
> > compiled against earlier releases of this kernel.
> 
> Hi,
> 
> I think that I have discovered the cause of the problem.
> 
> It seems to be caused by the 093_tty_lockup.diff patch which was applied
> to resolve CAN-2004-081, a security bug relating to race
> conditions in the TTY subsystem. The patch was sourced from
> Jason Baron from Red Hat. I have attached it for reference.

I regret to report that my previous analysis (which I have snipped but
you can find at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=84356)
appears to be incorrect.

On further analysis I believe that the problem lies in the following
portion of the 093_tty_lockup.diff patch at the bottom of this message.

This adds a refcount element to struct tty_ldisc. 
Unfortunately struct tty_struct includes a element and in turn
struct task_struct includes a struct tty_struct element,
so this change ends up all over the place.

To make matters worse this field appears to be fundamental to
the fix, which I will reiterate at this point is a security fix
for CAN-2004-081.

I checked 2.6 upstream and the refcount field is present.
Curiously upstream 2.4 seems to neither include this field nor
a fix for CAN-2004-0814 (N.B not CAN-2004-081 as I misquoted above). 
If anyone can correct me there I would be most grateful.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814

As it stands it seems we have two choices.

1. Back out the CAN-2004-081 patch.
   This is trivial and would resolve the symbol problem.
2. Bump the SO name 
   i.e. kernel-{build,headers,image,pcmcia-modules}-2.4.27-1*
     -> kernel-{build,headers,image,pcmcia-modules}-2.4.27-2*
   This is not fun, but is probably my preferred option at this point.

Theoretically we might be able to do 1+2 but it looks painful at best.
We may also be able to find a way to fix CAN-2004-081 and avoid
introducing this symbol problem, but I am skeptical.

-- 
Horms

--- linux-2.4.27/include/linux/tty_ldisc.h.bak	Thu Sep 23 17:43:51 2004
+++ linux-2.4.27/include/linux/tty_ldisc.h	Thu Sep 23 17:44:24 2004
@@ -129,6 +129,7 @@ struct tty_ldisc {
 			       char *fp, int count);
 	int	(*receive_room)(struct tty_struct *);
 	void	(*write_wakeup)(struct tty_struct *);
+	int	refcount;
 };
 
 #define TTY_LDISC_MAGIC	0x5403
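
Review bot: the new `int refcount;` member at the end of struct tty_ldisc has no comment saying what takes a reference or which lock protects it, and as a plain int it is only safe if every increment and decrement happens under that lock. Document the locking rule beside the field, or make it an atomic_t. Appending the member also grows struct tty_ldisc, so anything built against the old header has a stale layout, and the packaging needs to account for that.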



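
The propagation described in the message above, as an added example (not code from the message or from the kernel): a toy genksyms-style checksum that hashes a symbol's prototype together with every struct definition reachable from it, so one new member changes the version of every symbol that can reach struct tty_ldisc. The type bodies and prototypes are constructed, heavily simplified stand-ins, and `symbol_crc` and `expand` are hypothetical names; real genksyms tokenises preprocessed source rather than scanning strings.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, heavily simplified stand-ins for the 2.4 types named in the thread. */
struct type_def { const char *name, *body; };
#define NDEFS 3
#define SHARED {"tty_struct",  "{ int magic; struct tty_ldisc ldisc; }"}, \
               {"task_struct", "{ int pid; struct tty_struct *tty; }"}
static const struct type_def before[NDEFS] = {
    {"tty_ldisc", "{ int magic; void (*write_wakeup)(struct tty_struct *); }"}, SHARED };
static const struct type_def after[NDEFS] = {
    {"tty_ldisc", "{ int magic; void (*write_wakeup)(struct tty_struct *); int refcount; }"}, SHARED };

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320) over a C string. */
static uint32_t crc32_str(uint32_t crc, const char *s) {
    for (; *s; s++) {
        crc ^= (unsigned char)*s;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc;
}

/* Hash `text`, then the body of every struct it names (each at most once). */
static uint32_t expand(uint32_t crc, const char *text, const struct type_def *defs, int *seen) {
    size_t len;
    crc = crc32_str(crc, text);
    for (const char *p = text; (p = strstr(p, "struct ")) != NULL; p += len) {
        p += 7;                                   /* skip the keyword */
        len = strspn(p, "abcdefghijklmnopqrstuvwxyz_");
        for (int i = 0; i < NDEFS; i++)
            if (!seen[i] && strlen(defs[i].name) == len && !strncmp(defs[i].name, p, len)) {
                seen[i] = 1;                      /* guards against type cycles */
                crc = expand(crc, defs[i].body, defs, seen);
            }
    }
    return crc;
}

uint32_t symbol_crc(const char *proto, const struct type_def *defs) {
    int seen[NDEFS] = {0};
    return ~expand(0xFFFFFFFFu, proto, defs, seen);
}

int main(void) {
    const char *protos[] = {"int tty_register_ldisc(int, struct tty_ldisc *)",
        "int wake_up_process(struct task_struct *)", "void *kmalloc(size_t, int)"};
    for (int i = 0; i < 3; i++)  /* old checksum -> new checksum, per symbol */
        printf("%08x -> %08x  %s\n", (unsigned)symbol_crc(protos[i], before),
               (unsigned)symbol_crc(protos[i], after), protos[i]);
    return 0;
}
```

Only the prototype that reaches no struct keeps its checksum; the other two change even though their own prototypes are untouched.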