[kernel/stabilization] Fix NFS NULL pointer deref with ipv6 (rhbz 1099761)

Josh Boyer jwboyer at fedoraproject.org
Wed Jun 11 20:29:38 UTC 2014


commit 1724a9954b1ac98ec3fca34c109275e1eb877783
Author: Josh Boyer <jwboyer at fedoraproject.org>
Date:   Wed Jun 11 16:22:22 2014 -0400

    Fix NFS NULL pointer deref with ipv6 (rhbz 1099761)

 ...opulate-net-in-mount-data-when-remounting.patch |   39 ++++++++++++++++++++
 kernel.spec                                        |    7 ++++
 2 files changed, 46 insertions(+), 0 deletions(-)
---
diff --git a/NFS-populate-net-in-mount-data-when-remounting.patch b/NFS-populate-net-in-mount-data-when-remounting.patch
new file mode 100644
index 0000000..223b500
--- /dev/null
+++ b/NFS-populate-net-in-mount-data-when-remounting.patch
@@ -0,0 +1,39 @@
+Bugzilla: 1099761
+Upstream-status: 3.16 and CC'd for stable
+
+From a914722f333b3359d2f4f12919380a334176bb89 Mon Sep 17 00:00:00 2001
+From: Mateusz Guzik <mguzik at redhat.com>
+Date: Tue, 10 Jun 2014 12:44:12 +0200
+Subject: [PATCH] NFS: populate ->net in mount data when remounting
+
+Otherwise the kernel oopses when remounting with IPv6 server because
+net is dereferenced in dev_get_by_name.
+
+Use net ns of current thread so that dev_get_by_name does not operate on
+foreign ns. Changing the address is prohibited anyway so this should not
+affect anything.
+
+Signed-off-by: Mateusz Guzik <mguzik at redhat.com>
+Cc: linux-nfs at vger.kernel.org
+Cc: linux-kernel at vger.kernel.org
+Cc: stable at vger.kernel.org # 3.4+
+Signed-off-by: Trond Myklebust <trond.myklebust at primarydata.com>
+---
+ fs/nfs/super.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fs/nfs/super.c b/fs/nfs/super.c
+index 1a6d7ac9d9d2..084af1060d79 100644
+--- a/fs/nfs/super.c
++++ b/fs/nfs/super.c
+@@ -2260,6 +2260,7 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data)
+ 	data->nfs_server.addrlen = nfss->nfs_client->cl_addrlen;
+ 	data->version = nfsvers;
+ 	data->minorversion = nfss->nfs_client->cl_minorversion;
++	data->net = current->nsproxy->net_ns;
+ 	memcpy(&data->nfs_server.address, &nfss->nfs_client->cl_addr,
+ 		data->nfs_server.addrlen);
+ 
+-- 
+1.9.3
+
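Review bot: In the embedded fs/nfs/super.c hunk, `data->net = current->nsproxy->net_ns;` is the only assignment in this block that does not come from the existing mount (the neighbouring lines all copy from `nfss->nfs_client`), and nothing in the code says why. The commit message gives the reasoning (dev_get_by_name should not operate on a foreign namespace, and changing the address is prohibited on remount). That reasoning should sit next to the assignment as a short comment, since a remount issued from a task in a different network namespace than the original mount will now do the device lookup in the caller's namespace. The message would also be easier to verify for the 3.4+ stable backports if it named the call path that reaches dev_get_by_name with ->net unset.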
diff --git a/kernel.spec b/kernel.spec
index 065160a..7e3d898 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -728,6 +728,9 @@ Patch25096: drm-i915-set-backlight-duty-cycle-after-backlight-enable-for-gen4.pa
 #rhbz 1064516
 Patch25098: e1000e-Failure-to-write-SHRA-turns-on-PROMISC-mode.patch
 
+#rhbz 1099761
+Patch25099: NFS-populate-net-in-mount-data-when-remounting.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1424,6 +1427,9 @@ ApplyPatch drm-i915-set-backlight-duty-cycle-after-backlight-enable-for-gen4.pat
 #rhbz 1064516
 ApplyPatch e1000e-Failure-to-write-SHRA-turns-on-PROMISC-mode.patch
 
+#rhbz 1099761
+ApplyPatch NFS-populate-net-in-mount-data-when-remounting.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2237,6 +2243,7 @@ fi
 #                                    ||     ||
 %changelog
 * Wed Jun 11 2014 Josh Boyer <jwboyer at fedoraproject.org>
+- Fix NFS NULL pointer deref with ipv6 (rhbz 1099761)
 - Fix promisc mode on certain e1000e cards (rhbz 1064516)
 - Fix i915 backlight issue on gen4 (rhbz 1094066)
 
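Review bot: The changelog line added at the top of the Jun 11 entry says "NULL pointer deref with ipv6" but omits the trigger; per the patch description the oops occurs when remounting with an IPv6 server. Suggest wording such as "Fix NFS NULL pointer deref on remount with IPv6 server (rhbz 1099761)" so that someone reading the RPM changelog can tell whether their systems are exposed.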

