rpms/kernel/F-11 fuse-prevent-fuse_put_request-in-invalid-ptr.patch, NONE, 1.1 kernel.spec, 1.1779, 1.1780

Kyle McMartin kyle at fedoraproject.org
Thu Nov 19 14:38:35 UTC 2009


Author: kyle

Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7263

Modified Files:
	kernel.spec 
Added Files:
	fuse-prevent-fuse_put_request-in-invalid-ptr.patch 
Log Message:
* Thu Nov 19 2009 Kyle McMartin <kyle at redhat.com>
- fuse-prevent-fuse_put_request-in-invalid-ptr.patch: fix oops in fuse
  when low on memory. rhbz#538734.


fuse-prevent-fuse_put_request-in-invalid-ptr.patch:
 file.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE fuse-prevent-fuse_put_request-in-invalid-ptr.patch ---
>From 2fc57554676be7d724d338516c49a55e8723d111 Mon Sep 17 00:00:00 2001
From: Anand V. Avati <avati at gluster.com>
Date: Thu, 22 Oct 2009 06:24:52 -0700
Subject: [PATCH] fuse: prevent fuse_put_request on invalid pointer

fuse_direct_io() has a loop where requests are allocated in each
iteration. if allocation fails, the loop is broken out and follows
into an unconditional fuse_put_request() on that invalid pointer.

Signed-off-by: Anand V. Avati <avati at gluster.com>
Signed-off-by: Miklos Szeredi <mszeredi at suse.cz>
Cc: stable at kernel.org
---
 fs/fuse/file.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index 053ff1c..d5db3df 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1033,7 +1033,8 @@ static ssize_t fuse_direct_io(struct file *file, const char __user *buf,
 				break;
 		}
 	}
-	fuse_put_request(fc, req);
+	if (!IS_ERR(req))
+		fuse_put_request(fc, req);
 	if (res > 0) {
 		if (write)
 			fuse_write_update_size(inode, pos);
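
Review bot: `if (!IS_ERR(req))` at the loop exit only covers an allocation failure that is reported as an ERR_PTR. IS_ERR() is false for NULL, so if any path through the loop can leave req as NULL, fuse_put_request() still runs on it. The allocation site is outside this hunk, so it is worth confirming that it can only yield a valid request or an error pointer. A short comment above the check, saying that req may hold an error pointer when the loop breaks on a failed allocation, would also keep a later cleanup from making the put unconditional again.
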
-- 
1.6.5.2



Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1779
retrieving revision 1.1780
diff -u -p -r1.1779 -r1.1780
--- kernel.spec	19 Nov 2009 01:25:54 -0000	1.1779
+++ kernel.spec	19 Nov 2009 14:38:34 -0000	1.1780
@@ -838,6 +838,9 @@ Patch16450: fs-pipe-null-ptr-deref-fix.p
 Patch16460: sata_nv-make-sure-link-is-brough-up-online-when-skipping-hardreset.patch
 Patch16470: sata_nv-use-hardreset-only-for-post-boot-probing.patch
 
+# rhbz#538734 (CVE-tbd) [f60311d5f7670d9539b424e4ed8b5c0872fc9e83]
+Patch16471: fuse-prevent-fuse_put_request-in-invalid-ptr.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
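
Review bot: the commit id in the new comment above Patch16471, f60311d5f7670d9539b424e4ed8b5c0872fc9e83, is not the id on the patch file's own From line (2fc57554676be7d724d338516c49a55e8723d111). State in the comment which tree each id refers to, or use one consistently, so the patch can be traced back to its source. The `(CVE-tbd)` placeholder also needs a follow-up edit once an identifier is assigned.
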
@@ -1575,6 +1578,8 @@ ApplyPatch fs-pipe-null-ptr-deref-fix.pa
 ApplyPatch sata_nv-use-hardreset-only-for-post-boot-probing.patch
 ApplyPatch sata_nv-make-sure-link-is-brough-up-online-when-skipping-hardreset.patch
 
+ApplyPatch fuse-prevent-fuse_put_request-in-invalid-ptr.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
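
Review bot: the added `ApplyPatch fuse-prevent-fuse_put_request-in-invalid-ptr.patch` line carries no bug reference, unlike the Patch16471 declaration, which is commented with rhbz#538734. Repeating `# rhbz#538734` above the ApplyPatch line would let someone reading the apply section see why the patch is there without searching for the declaration.
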
@@ -2163,6 +2168,10 @@ fi
 # and build.
 
 %changelog
+* Thu Nov 19 2009 Kyle McMartin <kyle at redhat.com>
+- fuse-prevent-fuse_put_request-in-invalid-ptr.patch: fix oops in fuse
+  when low on memory. rhbz#538734.
+
 * Thu Nov 19 2009 David Woodhouse <David.Woodhouse at intel.com> 2.6.30.9-100
 - Re-enable CONFIG_DMAR_GFX_WA on x86_64.
 
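
Review bot: the new %changelog entry describes the change only as "fix oops in fuse when low on memory", while the Patch16471 comment in this same diff tags it `(CVE-tbd)`. If the bug is being tracked as a security issue, the changelog line should say so, since the package changelog is what users and downstream tooling read, not the spec comments. Update the entry with the identifier once it is assigned.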



