[kernel/f16] Add patch to fix incorrect buffer length in __nfs4_get_acl_uncached

Josh Boyer jwboyer at fedoraproject.org
Fri Mar 30 14:55:16 UTC 2012 

commit d08bf805ac6c458f3087de5ca04215aeeb4a8b3e
Author: Josh Boyer <jwboyer at redhat.com>
Date:   Fri Mar 30 10:49:57 2012 -0400

    Add patch to fix incorrect buffer length in __nfs4_get_acl_uncached

 kernel.spec                                        |    8 ++++-
 ...-buffer-copied-in-__nfs4_get_acl_uncached.patch |   32 ++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index bede763..df180f0 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -54,7 +54,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 8
+%global baserelease 9
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -791,6 +791,7 @@ Patch21370: iwlegacy-do-not-nulify-il-vif-on-reset.patch
 Patch21371: iwlwifi-do-not-nulify-ctx-vif-on-reset.patch
 
 Patch21500: ASPM-Fix-pcie-devs-with-non-pcie-children.patch
+Patch21501: nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
 
 Patch22000: weird-root-dentry-name-debug.patch
 
@@ -1474,6 +1475,8 @@ ApplyPatch mm-thp-fix-pmd_bad-triggering.patch
 
 ApplyPatch ASPM-Fix-pcie-devs-with-non-pcie-children.patch
 
+ApplyPatch nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2212,6 +2215,9 @@ fi
 # and build.
 
 %changelog
+* Fri Mar 30 2012 Josh Boyer <jwboyer at redhat.com>
+- Add patch to fix incorrect buffer length in __nfs4_get_acl_uncached
+
 * Thu Mar 29 2012 Josh Boyer <jwboyer at redhat.com> - 3.3.0-8
 - Drop __cpuinitdata on disable_nx for x86_32 (rhbz 808075)
 - iwl{wifi,legacy}: Fix warnings on remove interface from Stanislaw Gruszka
diff --git a/nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch b/nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
new file mode 100644
index 0000000..981f1f4
--- /dev/null
+++ b/nfs-Fix-length-of-buffer-copied-in-__nfs4_get_acl_uncached.patch
@@ -0,0 +1,32 @@
+From 20e0fa98b751facf9a1101edaefbc19c82616a68 Mon Sep 17 00:00:00 2001
+From: Sachin Prabhu <sprabhu at redhat.com>
+Date: Thu, 22 Mar 2012 16:46:28 +0000
+Subject: [PATCH] Fix length of buffer copied in __nfs4_get_acl_uncached
+
+_copy_from_pages() used to copy data from the temporary buffer to the
+user passed buffer is passed the wrong size parameter when copying
+data. res.acl_len contains both the bitmap and acl lenghts while
+acl_len contains the acl length after adjusting for the bitmap size.
+
+Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>
+---
+ fs/nfs/nfs4proc.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index e809d23..45df7d4 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -3712,7 +3712,7 @@ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t bu
+ 		if (acl_len > buflen)
+ 			goto out_free;
+ 		_copy_from_pages(buf, pages, res.acl_data_offset,
+-				res.acl_len);
++				acl_len);
+ 	}
+ 	ret = acl_len;
+ out_free:
+-- 
+1.7.7.6
+

More information about the scm-commits mailing list