rpms/kernel/F-10 fuse-prevent-fuse_put_request-in-invalid-ptr.patch, NONE, 1.1 kernel.spec, 1.1407, 1.1408
Kyle McMartin
kyle at fedoraproject.org
Thu Nov 19 14:41:16 UTC 2009
Author: kyle
Update of /cvs/pkgs/rpms/kernel/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8179
Modified Files:
kernel.spec
Added Files:
fuse-prevent-fuse_put_request-in-invalid-ptr.patch
Log Message:
* Thu Nov 19 2009 Kyle McMartin <kyle at redhat.com>
- fuse-prevent-fuse_put_request-in-invalid-ptr.patch: fix oops in fuse.
fuse-prevent-fuse_put_request-in-invalid-ptr.patch:
file.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE fuse-prevent-fuse_put_request-in-invalid-ptr.patch ---
>From 2fc57554676be7d724d338516c49a55e8723d111 Mon Sep 17 00:00:00 2001
From: Anand V. Avati <avati at gluster.com>
Date: Thu, 22 Oct 2009 06:24:52 -0700
Subject: [PATCH] fuse: prevent fuse_put_request on invalid pointer
fuse_direct_io() has a loop where requests are allocated in each
iteration. if allocation fails, the loop is broken out and follows
into an unconditional fuse_put_request() on that invalid pointer.
Signed-off-by: Anand V. Avati <avati at gluster.com>
Signed-off-by: Miklos Szeredi <mszeredi at suse.cz>
Cc: stable at kernel.org
---
fs/fuse/file.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index 053ff1c..d5db3df 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1033,7 +1033,8 @@ static ssize_t fuse_direct_io(struct file *file, const char __user *buf,
break;
}
}
- fuse_put_request(fc, req);
+ if (!IS_ERR(req))
+ fuse_put_request(fc, req);
if (res > 0) {
if (write)
fuse_write_update_size(inode, pos);
--
1.6.5.2
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/kernel.spec,v
retrieving revision 1.1407
retrieving revision 1.1408
diff -u -p -r1.1407 -r1.1408
--- kernel.spec 10 Sep 2009 18:10:30 -0000 1.1407
+++ kernel.spec 19 Nov 2009 14:41:15 -0000 1.1408
@@ -769,6 +769,9 @@ Patch11091: do_sigaltstack-avoid-copying
Patch11100: linux-2.6-dev-zero-avoid-oom-lockup.patch
+# rhbz#538734 (CVE-tbd) [f60311d5f7670d9539b424e4ed8b5c0872fc9e83]
+Patch11101: fuse-prevent-fuse_put_request-in-invalid-ptr.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1460,6 +1463,8 @@ ApplyPatch md-avoid-dereferencing-NULL-p
# CVE-2009-2847
ApplyPatch do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch
+ApplyPatch fuse-prevent-fuse_put_request-in-invalid-ptr.patch
+
# ======= END OF PATCH APPLICATIONS =============================
%endif
@@ -2036,6 +2041,9 @@ fi
%kernel_variant_files -k vmlinux %{with_kdump} kdump
%changelog
+* Thu Nov 19 2009 Kyle McMartin <kyle at redhat.com>
+- fuse-prevent-fuse_put_request-in-invalid-ptr.patch: fix oops in fuse.
+
* Thu Sep 10 2009 Eric Sandeen <sandeen at redhat.com>
- Fix NFS vs. XFS oops (#502236)
More information about the scm-commits
mailing list