lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1158682809.5724.18.camel@lade.trondhjem.org>
Date:	Tue, 19 Sep 2006 12:20:09 -0400
From:	Trond Myklebust <trond.myklebust@....uio.no>
To:	Linus Torvalds <torvalds@...l.org>
Cc:	Andrew Morton <akpm@...l.org>, linux-kernel@...r.kernel.org
Subject: [GIT] Fix three Oopsable conditions in the 2.6.18-rc7 NFS client

Hi Linus,

Please pull from the 'fixes' branch of the repository at

   git pull git://git.linux-nfs.org/pub/linux/nfs-2.6.git fixes

This will update the following files through the appended changesets.

  Cheers,
    Trond

----
 fs/nfs/nfs4proc.c |    6 +++---
 fs/nfs/read.c     |    6 ++++--
 fs/nfs/write.c    |    4 ++--
 3 files changed, 9 insertions(+), 7 deletions(-)

commit 5c2d97cb31fb77981797fec46230ca005b865799
Author: Trond Myklebust <Trond.Myklebust@...app.com>
Date:   Mon Sep 18 23:20:35 2006 -0400

    NFS: Fix nfs_page use after free issues in fs/nfs/write.c
    
    Signed-off-by: Trond Myklebust <Trond.Myklebust@...app.com>

commit 76723de0cf5b186afe2f329eeef304c321d52bf8
Author: Trond Myklebust <Trond.Myklebust@...app.com>
Date:   Fri Sep 15 08:11:51 2006 -0400

    NFSv4: Fix incorrect semaphore release in _nfs4_do_open()
    
    Signed-off-by: Trond Myklebust <Trond.Myklebust@...app.com>

commit 7a52411107e1ac8f5be6967936ec237f40a1c7e4
Author: Trond Myklebust <Trond.Myklebust@...app.com>
Date:   Fri Sep 15 16:03:45 2006 -0400

    NFS: Fix Oopsable condition in nfs_readpage_sync()
    
    Signed-off-by: Trond Myklebust <Trond.Myklebust@...app.com>

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 153898e..b14145b 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -970,7 +970,7 @@ static int _nfs4_do_open(struct inode *d
 	status = -ENOMEM;
 	opendata = nfs4_opendata_alloc(dentry, sp, flags, sattr);
 	if (opendata == NULL)
-		goto err_put_state_owner;
+		goto err_release_rwsem;
 
 	status = _nfs4_proc_open(opendata);
 	if (status != 0)
@@ -989,11 +989,11 @@ static int _nfs4_do_open(struct inode *d
 	return 0;
 err_opendata_free:
 	nfs4_opendata_free(opendata);
+err_release_rwsem:
+	up_read(&clp->cl_sem);
 err_put_state_owner:
 	nfs4_put_state_owner(sp);
 out_err:
-	/* Note: clp->cl_sem must be released before nfs4_put_open_state()! */
-	up_read(&clp->cl_sem);
 	*res = NULL;
 	return status;
 }
diff --git a/fs/nfs/read.c b/fs/nfs/read.c
index 7a9ee00..f0aff82 100644
--- a/fs/nfs/read.c
+++ b/fs/nfs/read.c
@@ -204,9 +204,11 @@ static int nfs_readpage_sync(struct nfs_
 	NFS_I(inode)->cache_validity |= NFS_INO_INVALID_ATIME;
 	spin_unlock(&inode->i_lock);
 
-	nfs_readpage_truncate_uninitialised_page(rdata);
-	if (rdata->res.eof || rdata->res.count == rdata->args.count)
+	if (rdata->res.eof || rdata->res.count == rdata->args.count) {
 		SetPageUptodate(page);
+		if (rdata->res.eof && count != 0)
+			memclear_highpage_flush(page, rdata->args.pgbase, count);
+	}
 	result = 0;
 
 io_error:
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index 8ab3cf1..7084ac9 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -590,8 +590,8 @@ static void nfs_cancel_commit_list(struc
 		req = nfs_list_entry(head->next);
 		nfs_list_remove_request(req);
 		nfs_inode_remove_request(req);
-		nfs_clear_page_writeback(req);
 		dec_zone_page_state(req->wb_page, NR_UNSTABLE_NFS);
+		nfs_clear_page_writeback(req);
 	}
 }
 
@@ -1386,8 +1386,8 @@ nfs_commit_list(struct inode *inode, str
 		req = nfs_list_entry(head->next);
 		nfs_list_remove_request(req);
 		nfs_mark_request_commit(req);
-		nfs_clear_page_writeback(req);
 		dec_zone_page_state(req->wb_page, NR_UNSTABLE_NFS);
+		nfs_clear_page_writeback(req);
 	}
 	return -ENOMEM;
 }


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ