Bug#412132: cacct interface misscalced about 100 TB

Fri, 23 Feb 2007 15:28:11 -0800 

severity 412132 important
user debian-kernel@lists.debian.org
usertag dkt-waiting-etch-update
tags 412132 +patch
thanks

On Fri, Feb 23, 2007 at 11:19:57PM +0100, Patrick Matthäi wrote:
> I think I've found a serious bug in the vserver image for amd64.
> We're running a daemon, which is logging the traffic of all 
> hostmachines. Now I've found a very big mistake in the 
> /proc/virtual/<id>/cacct interface.

Known. Can be fixed with the first stable update, not security relevant.

Available patch, needs to be fixed to avoid abi change (use atomic_t and crop
at the printf):

diff -Nurp linux-2.6.19.2-vs2.2.0-rc9/include/linux/vserver/cacct_def.h 
linux-2.6.19.2-vs2.2.0-rc9.longatomic/include/linux/vserver/cacct_def.h
--- linux-2.6.19.2-vs2.2.0-rc9/include/linux/vserver/cacct_def.h        
2007-01-11 18:10:53.000000000 +0100
+++ linux-2.6.19.2-vs2.2.0-rc9.longatomic/include/linux/vserver/cacct_def.h     
2007-02-02 18:17:38.000000000 +0100
@@ -6,8 +6,8 @@
 
 
 struct _vx_sock_acc {
-       atomic_t count;
-       atomic_t total;
+       atomic_long_t count;
+       atomic_long_t total;
 };
 
 /* context sub struct */
@@ -30,9 +30,9 @@ static inline void __dump_vx_cacct(struc
 
                printk("\t [%d] =", i);
                for (j=0; j<3; j++) {
-                       printk(" [%d] = %8d, %8d", j,
-                               atomic_read(&ptr[j].count),
-                               atomic_read(&ptr[j].total));
+                       printk(" [%d] = %8ld, %8ld", j,
+                               atomic_long_read(&ptr[j].count),
+                               atomic_long_read(&ptr[j].total));
                }
                printk("\n");
        }
diff -Nurp linux-2.6.19.2-vs2.2.0-rc9/include/linux/vs_socket.h 
linux-2.6.19.2-vs2.2.0-rc9.longatomic/include/linux/vs_socket.h
--- linux-2.6.19.2-vs2.2.0-rc9/include/linux/vs_socket.h        2007-01-11 
18:10:52.000000000 +0100
+++ linux-2.6.19.2-vs2.2.0-rc9.longatomic/include/linux/vs_socket.h     
2007-02-02 18:18:14.000000000 +0100
@@ -38,8 +38,8 @@ static inline void __vx_acc_sock(struct 
        if (vxi) {
                int type = vx_sock_type(family);
 
-               atomic_inc(&vxi->cacct.sock[type][pos].count);
-               atomic_add(size, &vxi->cacct.sock[type][pos].total);
+               atomic_long_inc(&vxi->cacct.sock[type][pos].count);
+               atomic_long_add(size, &vxi->cacct.sock[type][pos].total);
        }
 }
 
Bastian

-- 
Without freedom of choice there is no creativity.
                -- Kirk, "The return of the Archons", stardate 3157.4

Reply via email to