rpms/kernel/F-10 fuse-prevent-fuse_put_request-in-invalid-ptr.patch, NONE, 1.1 kernel.spec, 1.1407, 1.1408

Kyle McMartin kyle at fedoraproject.org
Thu Nov 19 14:41:16 UTC 2009


Author: kyle

Update of /cvs/pkgs/rpms/kernel/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8179

Modified Files:
	kernel.spec 
Added Files:
	fuse-prevent-fuse_put_request-in-invalid-ptr.patch 
Log Message:
* Thu Nov 19 2009 Kyle McMartin <kyle at redhat.com>
- fuse-prevent-fuse_put_request-in-invalid-ptr.patch: fix oops in fuse.


fuse-prevent-fuse_put_request-in-invalid-ptr.patch:
 file.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE fuse-prevent-fuse_put_request-in-invalid-ptr.patch ---
>From 2fc57554676be7d724d338516c49a55e8723d111 Mon Sep 17 00:00:00 2001
From: Anand V. Avati <avati at gluster.com>
Date: Thu, 22 Oct 2009 06:24:52 -0700
Subject: [PATCH] fuse: prevent fuse_put_request on invalid pointer

fuse_direct_io() has a loop where requests are allocated in each
iteration. if allocation fails, the loop is broken out and follows
into an unconditional fuse_put_request() on that invalid pointer.

Signed-off-by: Anand V. Avati <avati at gluster.com>
Signed-off-by: Miklos Szeredi <mszeredi at suse.cz>
Cc: stable at kernel.org
---
 fs/fuse/file.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index 053ff1c..d5db3df 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1033,7 +1033,8 @@ static ssize_t fuse_direct_io(struct file *file, const char __user *buf,
 				break;
 		}
 	}
-	fuse_put_request(fc, req);
+	if (!IS_ERR(req))
+		fuse_put_request(fc, req);
 	if (res > 0) {
 		if (write)
 			fuse_write_update_size(inode, pos);
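Review bot: The new IS_ERR(req) test in front of fuse_put_request(fc, req) filters only error-encoded pointers, so it is sufficient only if the allocation inside the loop reports failure as an ERR_PTR value and never as NULL. The allocation site is outside this hunk, so please confirm that before merging. A one-line comment above the check, saying that req can hold an error pointer when the loop breaks on a failed allocation, would keep a later cleanup from removing the guard as redundant.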
-- 
1.6.5.2



Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/kernel.spec,v
retrieving revision 1.1407
retrieving revision 1.1408
diff -u -p -r1.1407 -r1.1408
--- kernel.spec	10 Sep 2009 18:10:30 -0000	1.1407
+++ kernel.spec	19 Nov 2009 14:41:15 -0000	1.1408
@@ -769,6 +769,9 @@ Patch11091: do_sigaltstack-avoid-copying
 
 Patch11100: linux-2.6-dev-zero-avoid-oom-lockup.patch
 
+# rhbz#538734 (CVE-tbd) [f60311d5f7670d9539b424e4ed8b5c0872fc9e83]
+Patch11101: fuse-prevent-fuse_put_request-in-invalid-ptr.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
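Review bot: The comment above Patch11101 cites [f60311d5f7670d9539b424e4ed8b5c0872fc9e83], while the From line of the added patch file carries 2fc57554676be7d724d338516c49a55e8723d111, so it is unclear which tree each hash belongs to. Suggest labelling the bracketed hash (for example as the upstream commit) so the backport can be traced, and replacing the "CVE-tbd" placeholder once an identifier is assigned.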
@@ -1460,6 +1463,8 @@ ApplyPatch md-avoid-dereferencing-NULL-p
 # CVE-2009-2847
 ApplyPatch do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch
 
+ApplyPatch fuse-prevent-fuse_put_request-in-invalid-ptr.patch
+
 # ======= END OF PATCH APPLICATIONS =============================
 
 %endif
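Review bot: The added ApplyPatch line for fuse-prevent-fuse_put_request-in-invalid-ptr.patch has no comment, while the entry just before it is annotated with "# CVE-2009-2847". Suggest repeating the rhbz#538734 reference from the Patch11101 declaration above this line so that the security relevance is visible in the apply section as well.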
@@ -2036,6 +2041,9 @@ fi
 %kernel_variant_files -k vmlinux %{with_kdump} kdump
 
 %changelog
+* Thu Nov 19 2009 Kyle McMartin <kyle at redhat.com>
+- fuse-prevent-fuse_put_request-in-invalid-ptr.patch: fix oops in fuse.
+
 * Thu Sep 10 2009 Eric Sandeen <sandeen at redhat.com>
 - Fix NFS vs. XFS oops (#502236)
 
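Review bot: The new changelog entry says only "fix oops in fuse." and omits the bug reference, although the Patch11101 comment in this same spec ties the patch to rhbz#538734 with a CVE pending, and the entry below cites its bug as (#502236). Suggest appending the bug number to the changelog line so that someone reading the package changelog can identify this as a security fix.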



