On Mon, Dec 13, 2004 at 09:46:56PM +0900, Horms wrote:
> On Mon, Dec 06, 2004 at 05:20:08PM +0100, Thomas Hood wrote:
> >
> > The original report (#284356) was submitted by Joey Hess and made no
> > reference to proprietary modules. This affects modules shipped by
> > Debian too.
> >
> > The problem is that a new Debian release of the "same" kernel (2.4.27-1)
> > has changed symbol version suffixes, thus breaking modules that were
> > compiled against earlier releases of this kernel.
>
> Hi,
>
> I think that I have discovered the cause of the problem.
>
> It seems to be caused by the 093_tty_lockup.diff patch which was applied
> to resolve CAN-2004-081, a security bug relating to race
> conditions in the TTY subsystem. The patch was sourced from
> Jason Baron from Red Hat. I have attached it for reference.

I regret to report that my previous analysis (which I have snipped
but you can find at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=84356)
appears to be incorrect.

On further analysis I believe that the problem lies in the following
portion of the 093_tty_lockup.diff patch at the bottom of this message.
This adds a refcount element to struct tty_ldisc. Unfortunately
struct tty_struct includes a element and in turn struct task_struct
includes a struct tty_struct element, so this change ends up all over
the place. To make matters worse this field appears to be fundamental
to the fix, which I will reiterate at this point is a security fix for
CAN-2004-081.

I checked 2.6 upstream and the refcount field is present. Curiously
upstream 2.4 seems to neither include this field nor a fix for
CAN-2004-0814 (N.B. not CAN-2004-081 as I misquoted above). If anyone
can correct me there I would be most grateful.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814

As it stands it seems we have two choices.

1. Back out the CAN-2004-081 patch.
   This is trivial and would resolve the symbol problem.

2. Bump the SO name i.e.
   kernel-{build,headers,image,pcmcia-modules}-2.4.27-1* ->
   kernel-{build,headers,image,pcmcia-modules}-2.4.27-2*
   This is not fun, but is probably my preferred option at this point.

Theoretically we might be able to do 1+2 but it looks painful at best.
We may also be able to find a way to fix CAN-2004-081 and avoid
introducing this symbol problem, but I am skeptical.

--
Horms

--- linux-2.4.27/include/linux/tty_ldisc.h.bak Thu Sep 23 17:43:51 2004 +++ linux-2.4.27/include/linux/tty_ldisc.h Thu Sep 23 17:44:24 2004 @@ -129,6 +129,7 @@ struct tty_ldisc { char *fp, int count); int (*receive_room)(struct tty_struct *); void (*write_wakeup)(struct tty_struct *); + int refcount; }; #define TTY_LDISC_MAGIC 0x5403
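
Review bot: the new `int refcount;` at the end of struct tty_ldisc has no comment and is a plain int. For a fix aimed at race conditions in the TTY code, the header should say what serializes updates to this counter, or the field should be an atomic_t if nothing does. The field also grows a struct declared in include/linux/tty_ldisc.h, so the changelog for this patch should state that anything built against the earlier header has to be rebuilt.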
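
Why the changed symbol versions are protecting something real, as an added example that is not part of the original message or of the kernel source: the structs below are constructed, simplified stand-ins (their names and fields are assumptions) showing how one field appended to an embedded struct shifts every later member of the containing struct, so a module compiled against the old header reads the wrong memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified stand-ins; NOT the kernel's real definitions. */
struct ldisc_old { int magic; void (*write_wakeup)(void *); };
struct ldisc_new { int magic; void (*write_wakeup)(void *); int refcount; };

/* The containing struct embeds the ldisc by value, so its layout moves too. */
struct tty_old { int magic; struct ldisc_old ldisc; int stopped; };
struct tty_new { int magic; struct ldisc_new ldisc; int stopped; };

/* Offset of 'stopped' as baked into a module built against the old header. */
size_t stopped_offset_old(void) { return offsetof(struct tty_old, stopped); }

/* Offset of 'stopped' in a kernel built from the patched header. */
size_t stopped_offset_new(void) { return offsetof(struct tty_new, stopped); }

/* What a stale module would read as 'stopped' from a patched kernel's object. */
int stale_read_of_stopped(void)
{
    struct tty_new tty;
    int value;

    memset(&tty, 0, sizeof tty);
    tty.ldisc.refcount = 7;   /* constructed sample values */
    tty.stopped = 1;
    /* The stale module uses the old offset, which now lands on refcount. */
    memcpy(&value, (const char *)&tty + stopped_offset_old(), sizeof value);
    return value;
}

int main(void)
{
    printf("offset of stopped: old header %zu, patched header %zu\n",
           stopped_offset_old(), stopped_offset_new());
    printf("stale module reads stopped = %d (real value is 1)\n",
           stale_read_of_stopped());
    return 0;
}
```

Refusing to load a module whose symbol versions no longer match turns this silent misread into a load-time error, which is why option 2 keeps the fix while making the incompatibility explicit.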