On 10/09/2015 16:17, Ben Hutchings wrote:
On Thu, 2015-09-10 at 14:55 +0100, Ben Hutchings wrote:Control: tag -1 security patch On Tue, 2015-08-18 at 20:05 +0200, Xavier Chantry wrote:Package: src:linux Version: 3.16.7-ckt11-1 Severity: important Using Debian 3.16.7-ckt4-3 and a simple test case, we were able to reproduce a kernel bug in msync system call.[...] I can reproduce this too. I also found a similar problem with madvise(..., MADV_REMOVE). The attached patch (against 3.16.7-ckt11-1+deb8u3) should fix them both.Actually, try this version instead. Ben.
Yep, I already figured that this change in msync.c from file to vma->vm_file was the one triggering my problem and I reported it upstream:
https://www.mail-archive.com/aufs-users@lists.sourceforge.net/msg05167.htmlJ. R. Okajima acknowledged the problem and that vma->vm_file should not be used, however he plans to keep the fput on vm_prfile. I guess that's needed when doing msync / madvise on aufs ?
https://www.mail-archive.com/aufs-users@lists.sourceforge.net/msg05169.htmlHe said he would post a new fix, but only in a few weeks. It doesn't seem that complicated but well, he looks busy.