[kernel/f19] Fix NFS NULL pointer deref with ipv6 (rhbz 1099761)

Josh Boyer jwboyer at fedoraproject.org
Wed Jun 11 20:29:27 UTC 2014


commit 3b155a5fdeb407c7366785f5350924cc68ec9424
Author: Josh Boyer <jwboyer at fedoraproject.org>
Date:   Wed Jun 11 16:22:22 2014 -0400

    Fix NFS NULL pointer deref with ipv6 (rhbz 1099761)

 ...opulate-net-in-mount-data-when-remounting.patch |   39 ++++++++++++++++++++
 kernel.spec                                        |    7 ++++
 2 files changed, 46 insertions(+), 0 deletions(-)
---
diff --git a/NFS-populate-net-in-mount-data-when-remounting.patch b/NFS-populate-net-in-mount-data-when-remounting.patch
new file mode 100644
index 0000000..223b500
--- /dev/null
+++ b/NFS-populate-net-in-mount-data-when-remounting.patch
@@ -0,0 +1,39 @@
+Bugzilla: 1099761
+Upstream-status: 3.16 and CC'd for stable
+
+From a914722f333b3359d2f4f12919380a334176bb89 Mon Sep 17 00:00:00 2001
+From: Mateusz Guzik <mguzik at redhat.com>
+Date: Tue, 10 Jun 2014 12:44:12 +0200
+Subject: [PATCH] NFS: populate ->net in mount data when remounting
+
+Otherwise the kernel oopses when remounting with IPv6 server because
+net is dereferenced in dev_get_by_name.
+
+Use net ns of current thread so that dev_get_by_name does not operate on
+foreign ns. Changing the address is prohibited anyway so this should not
+affect anything.
+
+Signed-off-by: Mateusz Guzik <mguzik at redhat.com>
+Cc: linux-nfs at vger.kernel.org
+Cc: linux-kernel at vger.kernel.org
+Cc: stable at vger.kernel.org # 3.4+
+Signed-off-by: Trond Myklebust <trond.myklebust at primarydata.com>
+---
+ fs/nfs/super.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fs/nfs/super.c b/fs/nfs/super.c
+index 1a6d7ac9d9d2..084af1060d79 100644
+--- a/fs/nfs/super.c
++++ b/fs/nfs/super.c
+@@ -2260,6 +2260,7 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data)
+ 	data->nfs_server.addrlen = nfss->nfs_client->cl_addrlen;
+ 	data->version = nfsvers;
+ 	data->minorversion = nfss->nfs_client->cl_minorversion;
++	data->net = current->nsproxy->net_ns;
+ 	memcpy(&data->nfs_server.address, &nfss->nfs_client->cl_addr,
+ 		data->nfs_server.addrlen);
+ 
+-- 
+1.9.3
+
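Review bot: The added line `data->net = current->nsproxy->net_ns;` in the embedded fs/nfs/super.c hunk takes the network namespace of the remounting task rather than the one the existing NFS client was set up with, and the reason for that choice is recorded only in the commit message. A short comment above the assignment would keep the rationale with the code, for example `/* use the caller's netns: remount re-parses options and the device lookup must not run in a foreign namespace */`. The pointer is also stored without any visible reference being taken, which looks safe only if the parsed mount data does not outlive this call. nfs_remount's body starts and ends outside the hunk, so that lifetime assumption should be confirmed against the full function.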
diff --git a/kernel.spec b/kernel.spec
index a5bcc5a..4b1b3f3 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -770,6 +770,9 @@ Patch25096: drm-i915-set-backlight-duty-cycle-after-backlight-enable-for-gen4.pa
 Patch25097: e1000e-Fix-SHRA-register-access-for-82579.patch
 Patch25098: e1000e-Failure-to-write-SHRA-turns-on-PROMISC-mode.patch
 
+#rhbz 1099761
+Patch25099: NFS-populate-net-in-mount-data-when-remounting.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1483,6 +1486,9 @@ ApplyPatch drm-i915-set-backlight-duty-cycle-after-backlight-enable-for-gen4.pat
 ApplyPatch e1000e-Fix-SHRA-register-access-for-82579.patch
 ApplyPatch e1000e-Failure-to-write-SHRA-turns-on-PROMISC-mode.patch
 
+#rhbz 1099761
+ApplyPatch NFS-populate-net-in-mount-data-when-remounting.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2296,6 +2302,7 @@ fi
 
 %changelog
 * Wed Jun 11 2014 Josh Boyer <jwboyer at fedoraproject.org>
+- Fix NFS NULL pointer deref with ipv6 (rhbz 1099761)
 - Fix promisc mode on certain e1000e cards (rhbz 1064516)
 - Fix i915 backlight issue on gen4 (rhbz 1094066)
 - Linux v3.14.7

