[kernel] r17943 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/debian patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Aug 16 14:55:01 UTC 2011
Author: dannf
Date: Tue Aug 16 14:54:59 2011
New Revision: 17943
Log:
NLM: Don't hang forever on NLM unlock requests (CVE-2011-2491)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch
- copied unchanged from r17936, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch
dists/lenny-security/linux-2.6/debian/patches/debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch
- copied unchanged from r17936, dists/squeeze-security/linux-2.6/debian/patches/debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/26lenny4
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Tue Aug 16 13:39:50 2011 (r17942)
+++ dists/lenny-security/linux-2.6/debian/changelog Tue Aug 16 14:54:59 2011 (r17943)
@@ -3,6 +3,7 @@
[ dann frazier ]
* Fix regression in fix for CVE-2011-1768 (Closes: #633738)
* taskstats: don't allow duplicate entries in listener mode (CVE-2011-2484)
+ * NLM: Don't hang forever on NLM unlock requests (CVE-2011-2491)
[ Moritz Muehlenhoff ]
* ALSA: caiaq - Fix possible string-buffer overflow (CVE-2011-0712)
Copied: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch (from r17936, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch Tue Aug 16 14:54:59 2011 (r17943, copy of r17936, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch)
@@ -0,0 +1,71 @@
+commit 0b760113a3a155269a3fba93a409c640031dd68f
+Author: Trond Myklebust <Trond.Myklebust at netapp.com>
+Date: Tue May 31 15:15:34 2011 -0400
+
+ NLM: Don't hang forever on NLM unlock requests
+
+ If the NLM daemon is killed on the NFS server, we can currently end up
+ hanging forever on an 'unlock' request, instead of aborting. Basically,
+ if the rpcbind request fails, or the server keeps returning garbage, we
+ really want to quit instead of retrying.
+
+ Tested-by: Vasily Averin <vvs at sw.ru>
+ Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>
+ Cc: stable at kernel.org
+
+diff -urpN linux-source-2.6.32.orig/fs/lockd/clntproc.c linux-source-2.6.32/fs/lockd/clntproc.c
+--- linux-source-2.6.32.orig/fs/lockd/clntproc.c 2009-12-02 20:51:21.000000000 -0700
++++ linux-source-2.6.32/fs/lockd/clntproc.c 2011-08-03 23:36:15.028741583 -0600
+@@ -709,7 +709,13 @@ static void nlmclnt_unlock_callback(stru
+
+ if (task->tk_status < 0) {
+ dprintk("lockd: unlock failed (err = %d)\n", -task->tk_status);
+- goto retry_rebind;
++ switch (task->tk_status) {
++ case -EACCES:
++ case -EIO:
++ goto die;
++ default:
++ goto retry_rebind;
++ }
+ }
+ if (status == NLM_LCK_DENIED_GRACE_PERIOD) {
+ rpc_delay(task, NLMCLNT_GRACE_WAIT);
+diff -urpN linux-source-2.6.32.orig/include/linux/sunrpc/sched.h linux-source-2.6.32/include/linux/sunrpc/sched.h
+--- linux-source-2.6.32.orig/include/linux/sunrpc/sched.h 2009-12-02 20:51:21.000000000 -0700
++++ linux-source-2.6.32/include/linux/sunrpc/sched.h 2011-08-03 23:43:26.040758731 -0600
+@@ -84,8 +84,8 @@ struct rpc_task {
+ long tk_rtt; /* round-trip time (jiffies) */
+
+ pid_t tk_owner; /* Process id for batching tasks */
+- unsigned char tk_priority : 2;/* Task priority */
+-
++ unsigned char tk_priority : 2,/* Task priority */
++ tk_rebind_retry : 2;
+ #ifdef RPC_DEBUG
+ unsigned short tk_pid; /* debugging aid */
+ #endif
+diff -urpN linux-source-2.6.32.orig/net/sunrpc/clnt.c linux-source-2.6.32/net/sunrpc/clnt.c
+--- linux-source-2.6.32.orig/net/sunrpc/clnt.c 2009-12-02 20:51:21.000000000 -0700
++++ linux-source-2.6.32/net/sunrpc/clnt.c 2011-08-03 23:36:15.036741657 -0600
+@@ -1052,6 +1052,9 @@ call_bind_status(struct rpc_task *task)
+ status = -EOPNOTSUPP;
+ break;
+ }
++ if (task->tk_rebind_retry == 0)
++ break;
++ task->tk_rebind_retry--;
+ rpc_delay(task, 3*HZ);
+ goto retry_timeout;
+ case -ETIMEDOUT:
+diff -urpN linux-source-2.6.32.orig/net/sunrpc/sched.c linux-source-2.6.32/net/sunrpc/sched.c
+--- linux-source-2.6.32.orig/net/sunrpc/sched.c 2011-06-11 13:10:38.000000000 -0600
++++ linux-source-2.6.32/net/sunrpc/sched.c 2011-08-03 23:36:15.044741731 -0600
+@@ -789,6 +789,7 @@ static void rpc_init_task(struct rpc_tas
+ /* Initialize retry counters */
+ task->tk_garb_retry = 2;
+ task->tk_cred_retry = 2;
++ task->tk_rebind_retry = 2;
+
+ task->tk_priority = task_setup_data->priority - RPC_PRIORITY_LOW;
+ task->tk_owner = current->tgid;
Copied: dists/lenny-security/linux-2.6/debian/patches/debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch (from r17936, dists/squeeze-security/linux-2.6/debian/patches/debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch Tue Aug 16 14:54:59 2011 (r17943, copy of r17936, dists/squeeze-security/linux-2.6/debian/patches/debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch)
@@ -0,0 +1,23 @@
+commit 613006cb46d1931bf7331fd3951efd7a0a0bb118
+Author: dann frazier <dannf at debian.org>
+Date: Mon Aug 8 21:43:14 2011 -0600
+
+ Avoid ABI change in fix for CVE-2011-2491
+
+diff --git a/include/linux/sunrpc/sched.h b/include/linux/sunrpc/sched.h
+index 67f63dd..b5e54f3 100644
+--- a/include/linux/sunrpc/sched.h
++++ b/include/linux/sunrpc/sched.h
+@@ -84,8 +84,10 @@ struct rpc_task {
+ long tk_rtt; /* round-trip time (jiffies) */
+
+ pid_t tk_owner; /* Process id for batching tasks */
+- unsigned char tk_priority : 2,/* Task priority */
+- tk_rebind_retry : 2;
++ unsigned char tk_priority : 2;/* Task priority */
++#ifndef __GENKSYMS__
++ unsigned char tk_rebind_retry : 2;
++#endif
+ #ifdef RPC_DEBUG
+ unsigned short tk_pid; /* debugging aid */
+ #endif
Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny4
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny4 Tue Aug 16 13:39:50 2011 (r17942)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny4 Tue Aug 16 14:54:59 2011 (r17943)
@@ -4,3 +4,5 @@
+ bugfix/all/CVE-2011-2492.patch
+ bugfix/all/alsa-caiaq-fix-possible-string-buffer-overflow.patch
+ bugfix/all/taskstats-don-t-allow-duplicate-entries-in-listener-mode.patch
++ bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch
++ debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch
More information about the Kernel-svn-changes
mailing list