[kernel] r17943 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/debian patches/series

Dann Frazier dannf at alioth.debian.org
Tue Aug 16 14:55:01 UTC 2011


Author: dannf
Date: Tue Aug 16 14:54:59 2011
New Revision: 17943

Log:
NLM: Don't hang forever on NLM unlock requests (CVE-2011-2491)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch
      - copied unchanged from r17936, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch
   dists/lenny-security/linux-2.6/debian/patches/debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch
      - copied unchanged from r17936, dists/squeeze-security/linux-2.6/debian/patches/debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny4

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Tue Aug 16 13:39:50 2011	(r17942)
+++ dists/lenny-security/linux-2.6/debian/changelog	Tue Aug 16 14:54:59 2011	(r17943)
@@ -3,6 +3,7 @@
   [ dann frazier ]
   * Fix regression in fix for CVE-2011-1768 (Closes: #633738)
   * taskstats: don't allow duplicate entries in listener mode (CVE-2011-2484)
+  * NLM: Don't hang forever on NLM unlock requests (CVE-2011-2491)
 
   [ Moritz Muehlenhoff ]
   * ALSA: caiaq - Fix possible string-buffer overflow (CVE-2011-0712)

Copied: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch (from r17936, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch	Tue Aug 16 14:54:59 2011	(r17943, copy of r17936, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch)
@@ -0,0 +1,71 @@
+commit 0b760113a3a155269a3fba93a409c640031dd68f
+Author: Trond Myklebust <Trond.Myklebust at netapp.com>
+Date:   Tue May 31 15:15:34 2011 -0400
+
+    NLM: Don't hang forever on NLM unlock requests
+    
+    If the NLM daemon is killed on the NFS server, we can currently end up
+    hanging forever on an 'unlock' request, instead of aborting. Basically,
+    if the rpcbind request fails, or the server keeps returning garbage, we
+    really want to quit instead of retrying.
+    
+    Tested-by: Vasily Averin <vvs at sw.ru>
+    Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>
+    Cc: stable at kernel.org
+
+diff -urpN linux-source-2.6.32.orig/fs/lockd/clntproc.c linux-source-2.6.32/fs/lockd/clntproc.c
+--- linux-source-2.6.32.orig/fs/lockd/clntproc.c	2009-12-02 20:51:21.000000000 -0700
++++ linux-source-2.6.32/fs/lockd/clntproc.c	2011-08-03 23:36:15.028741583 -0600
+@@ -709,7 +709,13 @@ static void nlmclnt_unlock_callback(stru
+ 
+ 	if (task->tk_status < 0) {
+ 		dprintk("lockd: unlock failed (err = %d)\n", -task->tk_status);
+-		goto retry_rebind;
++		switch (task->tk_status) {
++		case -EACCES:
++		case -EIO:
++			goto die;
++		default:
++			goto retry_rebind;
++		}
+ 	}
+ 	if (status == NLM_LCK_DENIED_GRACE_PERIOD) {
+ 		rpc_delay(task, NLMCLNT_GRACE_WAIT);
+diff -urpN linux-source-2.6.32.orig/include/linux/sunrpc/sched.h linux-source-2.6.32/include/linux/sunrpc/sched.h
+--- linux-source-2.6.32.orig/include/linux/sunrpc/sched.h	2009-12-02 20:51:21.000000000 -0700
++++ linux-source-2.6.32/include/linux/sunrpc/sched.h	2011-08-03 23:43:26.040758731 -0600
+@@ -84,8 +84,8 @@ struct rpc_task {
+ 	long			tk_rtt;		/* round-trip time (jiffies) */
+ 
+ 	pid_t			tk_owner;	/* Process id for batching tasks */
+-	unsigned char		tk_priority : 2;/* Task priority */
+-
++	unsigned char		tk_priority : 2,/* Task priority */
++				tk_rebind_retry : 2;
+ #ifdef RPC_DEBUG
+ 	unsigned short		tk_pid;		/* debugging aid */
+ #endif
+diff -urpN linux-source-2.6.32.orig/net/sunrpc/clnt.c linux-source-2.6.32/net/sunrpc/clnt.c
+--- linux-source-2.6.32.orig/net/sunrpc/clnt.c	2009-12-02 20:51:21.000000000 -0700
++++ linux-source-2.6.32/net/sunrpc/clnt.c	2011-08-03 23:36:15.036741657 -0600
+@@ -1052,6 +1052,9 @@ call_bind_status(struct rpc_task *task)
+ 			status = -EOPNOTSUPP;
+ 			break;
+ 		}
++		if (task->tk_rebind_retry == 0)
++			break;
++		task->tk_rebind_retry--;
+ 		rpc_delay(task, 3*HZ);
+ 		goto retry_timeout;
+ 	case -ETIMEDOUT:
+diff -urpN linux-source-2.6.32.orig/net/sunrpc/sched.c linux-source-2.6.32/net/sunrpc/sched.c
+--- linux-source-2.6.32.orig/net/sunrpc/sched.c	2011-06-11 13:10:38.000000000 -0600
++++ linux-source-2.6.32/net/sunrpc/sched.c	2011-08-03 23:36:15.044741731 -0600
+@@ -789,6 +789,7 @@ static void rpc_init_task(struct rpc_tas
+ 	/* Initialize retry counters */
+ 	task->tk_garb_retry = 2;
+ 	task->tk_cred_retry = 2;
++	task->tk_rebind_retry = 2;
+ 
+ 	task->tk_priority = task_setup_data->priority - RPC_PRIORITY_LOW;
+ 	task->tk_owner = current->tgid;
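Review bot: The retry cap added in the `call_bind_status` hunk (net/sunrpc/clnt.c) is not limited to NLM unlock: `rpc_init_task` sets `tk_rebind_retry = 2` for every task, so any RPC caller reaching this branch now gets the bind error after two 3-second delays instead of retrying indefinitely. The commit message describes only the lockd hang, so the wider effect should be stated where it happens, for example `/* Bounded: after tk_rebind_retry attempts, stop rebinding and let the caller see the error */` above the `if (task->tk_rebind_retry == 0)` test. The enclosing `case` label and the code after the `break` are outside the hunk, as is the `die` label in `nlmclnt_unlock_callback`, so the exact status handed back to the caller is inferred rather than visible. The new bitfield in sched.h also lacks the trailing comment its neighbours carry, and its 2-bit width caps the counter at 3, which is worth noting next to the initialiser.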

Copied: dists/lenny-security/linux-2.6/debian/patches/debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch (from r17936, dists/squeeze-security/linux-2.6/debian/patches/debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch	Tue Aug 16 14:54:59 2011	(r17943, copy of r17936, dists/squeeze-security/linux-2.6/debian/patches/debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch)
@@ -0,0 +1,23 @@
+commit 613006cb46d1931bf7331fd3951efd7a0a0bb118
+Author: dann frazier <dannf at debian.org>
+Date:   Mon Aug 8 21:43:14 2011 -0600
+
+    Avoid ABI change in fix for CVE-2011-2491
+
+diff --git a/include/linux/sunrpc/sched.h b/include/linux/sunrpc/sched.h
+index 67f63dd..b5e54f3 100644
+--- a/include/linux/sunrpc/sched.h
++++ b/include/linux/sunrpc/sched.h
+@@ -84,8 +84,10 @@ struct rpc_task {
+ 	long			tk_rtt;		/* round-trip time (jiffies) */
+ 
+ 	pid_t			tk_owner;	/* Process id for batching tasks */
+-	unsigned char		tk_priority : 2,/* Task priority */
+-				tk_rebind_retry : 2;
++	unsigned char		tk_priority : 2;/* Task priority */
++#ifndef __GENKSYMS__
++	unsigned char		tk_rebind_retry : 2;
++#endif
+ #ifdef RPC_DEBUG
+ 	unsigned short		tk_pid;		/* debugging aid */
+ #endif
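Review bot: The `#ifndef __GENKSYMS__` guard hides `tk_rebind_retry` from symbol-version generation, but nothing on the new lines records why the binary layout stays compatible. That appears to rest on the 2-bit field sharing the `unsigned char` storage unit that already holds `tk_priority`, which would leave the size and member offsets of `struct rpc_task` unchanged. A comment should say so, for example `/* Hidden from genksyms: fits in the byte holding tk_priority, so layout is unchanged */`. The struct definition continues outside the hunk, so the packing assumption should be confirmed against the full declaration for each supported architecture and config.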

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny4
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny4	Tue Aug 16 13:39:50 2011	(r17942)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny4	Tue Aug 16 14:54:59 2011	(r17943)
@@ -4,3 +4,5 @@
 + bugfix/all/CVE-2011-2492.patch
 + bugfix/all/alsa-caiaq-fix-possible-string-buffer-overflow.patch
 + bugfix/all/taskstats-don-t-allow-duplicate-entries-in-listener-mode.patch
++ bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch
++ debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch


