Message-ID: <email address hidden>
Date: Wed, 15 Dec 2004 13:28:50 +0900
From: Horms <email address hidden>
To: Thomas Hood <email address hidden>, <email address hidden>
Cc: <email address hidden>,
<email address hidden>, <email address hidden>,
<email address hidden>, <email address hidden>, <email address hidden>
Subject: Re: Bug#284356: New release changed symbols thus rendering modules unloadable
On Mon, Dec 13, 2004 at 09:46:56PM +0900, Horms wrote:
> On Mon, Dec 06, 2004 at 05:20:08PM +0100, Thomas Hood wrote:
> >
> > The original report (#284356) was submitted by Joey Hess and made no
> > reference to proprietary modules. This affects modules shipped by
> > Debian too.
> >
> > The problem is that a new Debian release of the "same" kernel (2.4.27-1)
> > has changed symbol version suffixes, thus breaking modules that were
> > compiled against earlier releases of this kernel.
>
> Hi,
>
> I think that I have discovered the cause of the problem.
>
> It seems to be caused by the 093_tty_lockup.diff patch which was applied
> to resolve CAN-2004-081, a security bug relating to race
> conditions in the TTY subsystem. The patch was sourced from
> Jason Baron from Red Hat. I have attached it for reference.
I regret to report that my previous analysis (which I have snipped but
you can find at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=84356)
appears to be incorrect.
On further analysis I believe that the problem lies in the following
portion of the 093_tty_lockup.diff patch at the bottom of this message.
This adds a refcount element to struct tty_ldisc.
Unfortunately struct tty_struct includes a element and in turn
struct task_struct includes a struct tty_struct element,
so this change ends up all over the place.
To make matters worse this field appears to be fundamental to
the fix, which I will reiterate at this point is a security fix
for CAN-2004-081.
I checked 2.6 upstream and the refcount field is present.
Curiously upstream 2.4 seems to neither include this field nor
a fix for CAN-2004-0814 (N.B. not CAN-2004-081 as I misquoted above).
If anyone can correct me there I would be most grateful.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814

As it stands it seems we have two choices.

1. Back out the CAN-2004-081 patch.
   This is trivial and would resolve the symbol problem.

2. Bump the SO name
   i.e. kernel-{build,headers,image,pcmcia-modules}-2.4.27-1*
   -> kernel-{build,headers,image,pcmcia-modules}-2.4.27-2*
   This is not fun, but is probably my preferred option at this point.

Theoretically we might be able to do 1+2 but it looks painful at best.
We may also be able to find a way to fix CAN-2004-081 and avoid
introducing this symbol problem, but I am skeptical.
--
Horms
--- linux-2. 4.27/include/ linux/tty_ ldisc.h. bak Thu Sep 23 17:43:51 2004 4.27/include/ linux/tty_ ldisc.h Thu Sep 23 17:44:24 2004 room)(struct tty_struct *); wakeup) (struct tty_struct *);
+++ linux-2.
@@ -129,6 +129,7 @@ struct tty_ldisc {
char *fp, int count);
int (*receive_
void (*write_
+ int refcount;
};
#define TTY_LDISC_MAGIC 0x5403
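
Review bot: The added "int refcount;" at the end of struct tty_ldisc is a plain int with no comment saying which lock protects it or who takes and drops references; since the patch is a fix for a TTY race, state the locking rule next to the field. The new member also changes the size of struct tty_ldisc, which the message above identifies as the cause of the changed symbol versions, so this hunk should ship together with the package name bump rather than under the existing 2.4.27-1 name.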
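
Added example, not part of the original message and not genksyms itself: a toy model of why the struct tty_ldisc change described in the message alters the version of every symbol that reaches that struct. It assumes, as a simplification, that a symbol's version is a CRC over its signature with each referenced struct expanded; the type bodies and signatures are constructed and heavily abbreviated.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct type_def { const char *name, *body; };

/* Constructed, heavily abbreviated types; "@x" means "refers to struct x". */
static const struct type_def before[] = {
    { "tty_ldisc",  "int magic; char *name;" },
    { "tty_struct", "int magic; @tty_ldisc ldisc;" },
    { "inode",      "unsigned long i_ino;" }, { NULL, NULL } };
static const struct type_def after[] = {
    { "tty_ldisc",  "int magic; char *name; int refcount;" },
    { "tty_struct", "int magic; @tty_ldisc ldisc;" },
    { "inode",      "unsigned long i_ino;" }, { NULL, NULL } };

/* One step of the standard reflected CRC-32 (polynomial 0xEDB88320). */
static uint32_t crc_byte(uint32_t crc, unsigned char c)
{
    crc ^= c;
    for (int i = 0; i < 8; i++)
        crc = (crc >> 1) ^ (0xEDB88320u & -(crc & 1u));
    return crc;
}

/* Hash a declaration, recursing into the body of every struct it names. */
static uint32_t expand(const struct type_def *tab, const char *s, uint32_t crc)
{
    while (*s) {
        if (*s != '@') { crc = crc_byte(crc, (unsigned char)*s++); continue; }
        size_t n = strspn(++s, "abcdefghijklmnopqrstuvwxyz_");
        for (size_t i = 0; i < n; i++) crc = crc_byte(crc, (unsigned char)s[i]);
        for (const struct type_def *t = tab; t->name; t++)
            if (strlen(t->name) == n && !strncmp(t->name, s, n))
                crc = expand(tab, t->body, crc);
        s += n;
    }
    return crc;
}

/* Model assumption: version = CRC of the fully expanded signature. */
uint32_t symbol_version(const struct type_def *tab, const char *sig)
{
    return ~expand(tab, sig, 0xFFFFFFFFu);
}

int main(void)
{
    const char *s[] = { "void tty_hangup(@tty_struct *)", "void iput(@inode *)" };
    for (int i = 0; i < 2; i++)
        printf("%-31s %08x -> %08x\n", s[i], (unsigned)symbol_version(before, s[i]),
               (unsigned)symbol_version(after, s[i]));
    return 0;
}
```

In this model the tty_hangup version changes even though its own signature and struct tty_struct are untouched, while iput keeps its version; a module built against the old versions would be refused for the first symbol only.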