-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-09:04.fork Errata Notice The FreeBSD Project Topic: Deadlock in a multi-threaded program during fork(2) Category: core Module: libc Announced: 2009-06-24 Credits: Konstantin Belousov , Max Brazhnikov Affects: FreeBSD 7.2 Corrected: 2009-05-03 17:51:38 (RELENG_7, 7.2-STABLE) 2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background fork(2) is a system call which causes creation of a new process. FreeBSD supports invoking the malloc(3) function during the fork(2) in a process running in threaded mode which involves locking of the memory allocator. II. Problem Description A lock order reversal has been found in the interaction between the malloc(3) implementation and threading library. When a multi-threaded process calls the fork(2) system call in a thread and the malloc(3) function in another thread it can cause a deadlock in the child process. III. Impact A multi-threaded program that calls fork(2) in a thread and malloc(3) in another thread can make the child process stop unintentionally. There is no direct impact on the other processes or the kernel. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 7.2 system. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-09:04/fork.patch # fetch http://security.FreeBSD.org/patches/EN-09:04/fork.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/libc # make obj && make depend && make && make install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7 src/lib/libc/stdlib/malloc.c 1.147.2.7 RELENG_7_2 src/UPDATING 1.507.2.23.2.5 src/sys/conf/newvers.sh 1.72.2.11.2.6 src/lib/libc/stdlib/malloc.c 1.147.2.6.2.2 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r191767 releng/7.2/ r194808 - ------------------------------------------------------------------------- VII. References The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-09:04.fork.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEARECAAYFAkpBvBsACgkQFdaIBMps37LnLQCeNw8Es9R9X8QySoZni2JQ9Kma N+8An3Ff/bB4l3dvgfAa0rAA+TjbfQBV =8YtE -----END PGP SIGNATURE-----