[kernel/f19] Fix NFS NULL pointer deref with ipv6 (rhbz 1099761)
Josh Boyer
jwboyer at fedoraproject.org
Wed Jun 11 20:29:27 UTC 2014
commit 3b155a5fdeb407c7366785f5350924cc68ec9424
Author: Josh Boyer <jwboyer at fedoraproject.org>
Date: Wed Jun 11 16:22:22 2014 -0400
Fix NFS NULL pointer deref with ipv6 (rhbz 1099761)
...opulate-net-in-mount-data-when-remounting.patch | 39 ++++++++++++++++++++
kernel.spec | 7 ++++
2 files changed, 46 insertions(+), 0 deletions(-)
---
diff --git a/NFS-populate-net-in-mount-data-when-remounting.patch b/NFS-populate-net-in-mount-data-when-remounting.patch
new file mode 100644
index 0000000..223b500
--- /dev/null
+++ b/NFS-populate-net-in-mount-data-when-remounting.patch
@@ -0,0 +1,39 @@
+Bugzilla: 1099761
+Upstream-status: 3.16 and CC'd for stable
+
+From a914722f333b3359d2f4f12919380a334176bb89 Mon Sep 17 00:00:00 2001
+From: Mateusz Guzik <mguzik at redhat.com>
+Date: Tue, 10 Jun 2014 12:44:12 +0200
+Subject: [PATCH] NFS: populate ->net in mount data when remounting
+
+Otherwise the kernel oopses when remounting with IPv6 server because
+net is dereferenced in dev_get_by_name.
+
+Use net ns of current thread so that dev_get_by_name does not operate on
+foreign ns. Changing the address is prohibited anyway so this should not
+affect anything.
+
+Signed-off-by: Mateusz Guzik <mguzik at redhat.com>
+Cc: linux-nfs at vger.kernel.org
+Cc: linux-kernel at vger.kernel.org
+Cc: stable at vger.kernel.org # 3.4+
+Signed-off-by: Trond Myklebust <trond.myklebust at primarydata.com>
+---
+ fs/nfs/super.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fs/nfs/super.c b/fs/nfs/super.c
+index 1a6d7ac9d9d2..084af1060d79 100644
+--- a/fs/nfs/super.c
++++ b/fs/nfs/super.c
+@@ -2260,6 +2260,7 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data)
+ data->nfs_server.addrlen = nfss->nfs_client->cl_addrlen;
+ data->version = nfsvers;
+ data->minorversion = nfss->nfs_client->cl_minorversion;
++ data->net = current->nsproxy->net_ns;
+ memcpy(&data->nfs_server.address, &nfss->nfs_client->cl_addr,
+ data->nfs_server.addrlen);
+
+--
+1.9.3
+
diff --git a/kernel.spec b/kernel.spec
index a5bcc5a..4b1b3f3 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -770,6 +770,9 @@ Patch25096: drm-i915-set-backlight-duty-cycle-after-backlight-enable-for-gen4.pa
Patch25097: e1000e-Fix-SHRA-register-access-for-82579.patch
Patch25098: e1000e-Failure-to-write-SHRA-turns-on-PROMISC-mode.patch
+#rhbz 1099761
+Patch25099: NFS-populate-net-in-mount-data-when-remounting.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -1483,6 +1486,9 @@ ApplyPatch drm-i915-set-backlight-duty-cycle-after-backlight-enable-for-gen4.pat
ApplyPatch e1000e-Fix-SHRA-register-access-for-82579.patch
ApplyPatch e1000e-Failure-to-write-SHRA-turns-on-PROMISC-mode.patch
+#rhbz 1099761
+ApplyPatch NFS-populate-net-in-mount-data-when-remounting.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2296,6 +2302,7 @@ fi
%changelog
* Wed Jun 11 2014 Josh Boyer <jwboyer at fedoraproject.org>
+- Fix NFS NULL pointer deref with ipv6 (rhbz 1099761)
- Fix promisc mode on certain e1000e cards (rhbz 1064516)
- Fix i915 backlight issue on gen4 (rhbz 1094066)
- Linux v3.14.7
More information about the scm-commits
mailing list