[kernel] r12572 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Wed Jan 14 05:19:33 UTC 2009


Author: dannf
Date: Wed Jan 14 05:19:32 2009
New Revision: 12572

Log:
* nfs: Fix fcntl/close race
   - bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch
  See CVE-2008-4307

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/23etch2

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Wed Jan 14 05:19:32 2009
@@ -3,8 +3,11 @@
   * Fix buffer underflow in the ib700wdt watchdog driver:
      - bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
     See CVE-2008-5702
+  * nfs: Fix fcntl/close race
+     - bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch
+    See CVE-2008-4307
 
- -- dann frazier <dannf at debian.org>  Thu, 25 Dec 2008 14:47:31 -0700
+ -- dann frazier <dannf at debian.org>  Tue, 13 Jan 2009 22:14:02 -0700
 
 linux-2.6 (2.6.18.dfsg.1-23etch1) stable-security; urgency=high
 

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch	Wed Jan 14 05:19:32 2009
@@ -0,0 +1,36 @@
+commit c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc
+Author: Trond Myklebust <Trond.Myklebust at netapp.com>
+Date:   Tue Apr 1 20:26:52 2008 -0400
+
+    NFS: Remove the buggy lock-if-signalled case from do_setlk()
+    
+    Both NLM and NFSv4 should be able to clean up adequately in the case where
+    the user interrupts the RPC call...
+    
+    Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>
+
+Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.18.orig/fs/nfs/file.c linux-source-2.6.18/fs/nfs/file.c
+--- linux-source-2.6.18.orig/fs/nfs/file.c	2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/fs/nfs/file.c	2009-01-13 22:10:12.000000000 -0700
+@@ -471,17 +471,9 @@ static int do_setlk(struct file *filp, i
+ 
+ 	lock_kernel();
+ 	/* Use local locking if mounted with "-onolock" */
+-	if (!(NFS_SERVER(inode)->flags & NFS_MOUNT_NONLM)) {
++	if (!(NFS_SERVER(inode)->flags & NFS_MOUNT_NONLM))
+ 		status = NFS_PROTO(inode)->lock(filp, cmd, fl);
+-		/* If we were signalled we still need to ensure that
+-		 * we clean up any state on the server. We therefore
+-		 * record the lock call as having succeeded in order to
+-		 * ensure that locks_remove_posix() cleans it out when
+-		 * the process exits.
+-		 */
+-		if (status == -EINTR || status == -ERESTARTSYS)
+-			do_vfs_lock(filp, fl);
+-	} else
++	else
+ 		status = do_vfs_lock(filp, fl);
+ 	unlock_kernel();
+ 	if (status < 0)
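
Review bot: In the do_setlk() hunk, dropping the `if (status == -EINTR || status == -ERESTARTSYS)` / `do_vfs_lock(filp, fl);` branch removes the only local record of a lock the server may already have granted when the call was interrupted, so correctness now rests entirely on `NFS_PROTO(inode)->lock` cleaning up server state itself. The embedded upstream message only says NLM and NFSv4 "should be able to" do that, and the "Adjusted to apply to Debian's 2.6.18" line does not say whether the 2.6.18 lock implementations have that interrupt cleanup. Suggest stating in the patch header which 2.6.18 code paths were checked for it (or which prerequisite changes are assumed), and adding a line that names the fcntl/close race and CVE-2008-4307, since the commit message quoted in the patch mentions neither.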

Modified: dists/etch-security/linux-2.6/debian/patches/series/23etch2
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/23etch2	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/23etch2	Wed Jan 14 05:19:32 2009
@@ -1 +1,2 @@
 + bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
++ bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch


