Re: [ 130/184] CVE-2012-4508 kernel: ext4: AIO vs fallocate stale

From: Willy Tarreau
Date: Fri Jun 07 2013 - 01:53:55 EST

On Fri, Jun 07, 2013 at 06:42:05AM +0100, Ben Hutchings wrote:
> On Tue, 2013-06-04 at 19:23 +0200, Willy Tarreau wrote:
> > 2.6.32-longterm review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> > data exposure
> >
> > From: Jamie Iles <jamie.iles@xxxxxxxxxx>
> >
> > CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
> > [dannf: backported to Debian's 2.6.32]
> Well, this has an interesting ancestry. The original upstream commits
> were c278531d39f3158bfee93dc67da0b77e09776de2,
> 60d4616f3dc63371b3dc367e5e88fd4b4f037f65 and (most importantly)
> dee1f973ca341c266229faa5a1a5bb268bed3531 by Dmitry Monakhov
> <dmonakhov@xxxxxxxxxx>. They were backported into the RHEL 6 kernel by
> Lukas Czerner, according to its changelog. Dann got this version from
> Oracle's redpatch repository, where, if I understand rightly, Jamie Iles
> attempted to regenerate Lukas's patch(es).
> Would any of the above named be prepared to put their Signed-off-by to
> this?

Interesting archaeological digging. In the meantime I'm adding this
useful information to the message commit, it never hurts and can be
useful in the future.

Guys, I'm planning on releasing this late this evening on European
time, so it's not too late yet to add your s-o-b.

