[kernel/f15] Add patch to fix incorrect buffer length in __nfs4_get_acl_uncached

Josh Boyer jwboyer at fedoraproject.org
Fri Mar 30 14:55:11 UTC 2012 

commit 09037335b6ef92689e79d19cc4af07e59455f719
Author: Josh Boyer <jwboyer at redhat.com>
Date:   Fri Mar 30 10:49:57 2012 -0400

    Add patch to fix incorrect buffer length in __nfs4_get_acl_uncached

 kernel.spec                                        |    9 +++++-
 ...-buffer-copied-in-__nfs4_get_acl_uncached.patch |   32 ++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index 23376de..856b1a6 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -42,7 +42,7 @@ Summary: The Linux kernel
 # When changing real_sublevel below, reset this by hand to 1
 # (or to 0 and then use rpmdev-bumpspec).
 #
-%global baserelease 2
+%global baserelease 3
 %global fedora_build %{baserelease}
 
 # real_sublevel is the 3.x kernel version we're starting with
@@ -731,6 +731,8 @@ Patch21200: unhandled-irqs-switch-to-polling.patch
 #rhbz 804007
 Patch21305: mac80211-fix-possible-tid_rx-reorder_timer-use-after-free.patch
 
+Patch21501: nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
+
 Patch22000: weird-root-dentry-name-debug.patch
 
 %endif
@@ -1357,6 +1359,8 @@ ApplyPatch mm-thp-fix-pmd_bad-triggering.patch
 #rhbz 804947 CVE-2012-1568
 ApplyPatch SHLIB_BASE-randomization.patch
 
+ApplyPatch nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2004,6 +2008,9 @@ fi
 # and build.
 
 %changelog
+* Fri Mar 30 2012 Josh Boyer <jwboyer at redhat.com>
+- Add patch to fix incorrect buffer length in __nfs4_get_acl_uncached
+
 * Thu Mar 29 2012 Josh Boyer <jwboyer at redhat.com>
 - Drop __cpuinitdata on disable_nx for x86_32 (rhbz 808075)
 
diff --git a/nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch b/nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
new file mode 100644
index 0000000..981f1f4
--- /dev/null
+++ b/nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
@@ -0,0 +1,32 @@
+From 20e0fa98b751facf9a1101edaefbc19c82616a68 Mon Sep 17 00:00:00 2001
+From: Sachin Prabhu <sprabhu at redhat.com>
+Date: Thu, 22 Mar 2012 16:46:28 +0000
+Subject: [PATCH] Fix length of buffer copied in __nfs4_get_acl_uncached
+
+_copy_from_pages() used to copy data from the temporary buffer to the
+user passed buffer is passed the wrong size parameter when copying
+data. res.acl_len contains both the bitmap and acl lenghts while
+acl_len contains the acl length after adjusting for the bitmap size.
+
+Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>
+---
+ fs/nfs/nfs4proc.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index e809d23..45df7d4 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -3712,7 +3712,7 @@ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t bu
+ 		if (acl_len > buflen)
+ 			goto out_free;
+ 		_copy_from_pages(buf, pages, res.acl_data_offset,
+-				res.acl_len);
++				acl_len);
+ 	}
+ 	ret = acl_len;
+ out_free:
+-- 
+1.7.7.6
+

More information about the scm-commits mailing list