rpms/kernel/F-11 fuse-prevent-fuse_put_request-in-invalid-ptr.patch, NONE, 1.1 kernel.spec, 1.1779, 1.1780
Kyle McMartin
kyle at fedoraproject.org
Thu Nov 19 14:38:35 UTC 2009
Author: kyle
Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7263
Modified Files:
kernel.spec
Added Files:
fuse-prevent-fuse_put_request-in-invalid-ptr.patch
Log Message:
* Thu Nov 19 2009 Kyle McMartin <kyle at redhat.com>
- fuse-prevent-fuse_put_request-in-invalid-ptr.patch: fix oops in fuse
when low on memory. rhbz#538734.
fuse-prevent-fuse_put_request-in-invalid-ptr.patch:
file.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE fuse-prevent-fuse_put_request-in-invalid-ptr.patch ---
>From 2fc57554676be7d724d338516c49a55e8723d111 Mon Sep 17 00:00:00 2001
From: Anand V. Avati <avati at gluster.com>
Date: Thu, 22 Oct 2009 06:24:52 -0700
Subject: [PATCH] fuse: prevent fuse_put_request on invalid pointer
fuse_direct_io() has a loop where requests are allocated in each
iteration. if allocation fails, the loop is broken out and follows
into an unconditional fuse_put_request() on that invalid pointer.
Signed-off-by: Anand V. Avati <avati at gluster.com>
Signed-off-by: Miklos Szeredi <mszeredi at suse.cz>
Cc: stable at kernel.org
---
fs/fuse/file.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index 053ff1c..d5db3df 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1033,7 +1033,8 @@ static ssize_t fuse_direct_io(struct file *file, const char __user *buf,
break;
}
}
- fuse_put_request(fc, req);
+ if (!IS_ERR(req))
+ fuse_put_request(fc, req);
if (res > 0) {
if (write)
fuse_write_update_size(inode, pos);
--
1.6.5.2
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1779
retrieving revision 1.1780
diff -u -p -r1.1779 -r1.1780
--- kernel.spec 19 Nov 2009 01:25:54 -0000 1.1779
+++ kernel.spec 19 Nov 2009 14:38:34 -0000 1.1780
@@ -838,6 +838,9 @@ Patch16450: fs-pipe-null-ptr-deref-fix.p
Patch16460: sata_nv-make-sure-link-is-brough-up-online-when-skipping-hardreset.patch
Patch16470: sata_nv-use-hardreset-only-for-post-boot-probing.patch
+# rhbz#538734 (CVE-tbd) [f60311d5f7670d9539b424e4ed8b5c0872fc9e83]
+Patch16471: fuse-prevent-fuse_put_request-in-invalid-ptr.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1575,6 +1578,8 @@ ApplyPatch fs-pipe-null-ptr-deref-fix.pa
ApplyPatch sata_nv-use-hardreset-only-for-post-boot-probing.patch
ApplyPatch sata_nv-make-sure-link-is-brough-up-online-when-skipping-hardreset.patch
+ApplyPatch fuse-prevent-fuse_put_request-in-invalid-ptr.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2163,6 +2168,10 @@ fi
# and build.
%changelog
+* Thu Nov 19 2009 Kyle McMartin <kyle at redhat.com>
+- fuse-prevent-fuse_put_request-in-invalid-ptr.patch: fix oops in fuse
+ when low on memory. rhbz#538734.
+
* Thu Nov 19 2009 David Woodhouse <David.Woodhouse at intel.com> 2.6.30.9-100
- Re-enable CONFIG_DMAR_GFX_WA on x86_64.
More information about the fedora-extras-commits
mailing list