Update to 3.13.4-1 and add another critical NFS bugfix.

This commit is contained in:
Thomas Bächler 2014-02-20 22:43:41 +00:00
parent 37206be16f
commit 387a230bfa
2 changed files with 90 additions and 2 deletions

View file

@ -0,0 +1,82 @@
From 2bd7c7b5f011b3d57e4f5625b561a6f3f2f34a81 Mon Sep 17 00:00:00 2001
From: Trond Myklebust <trond.myklebust@primarydata.com>
Date: Sun, 16 Feb 2014 12:14:13 -0500
Subject: [PATCH] SUNRPC: Ensure that gss_auth isn't freed before its upcall
messages
Fix a race in which the RPC client is shutting down while the
gss daemon is processing a downcall. If the RPC client manages to
shut down before the gss daemon is done, then the struct gss_auth
used in gss_release_msg() may have already been freed.
Link: http://lkml.kernel.org/r/1392494917.71728.YahooMailNeo@web140002.mail.bf1.yahoo.com
Reported-by: John <da_audiophile@yahoo.com>
Reported-by: Borislav Petkov <bp@alien8.de>
Cc: stable@vger.kernel.org # 3.12+
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
---
net/sunrpc/auth_gss/auth_gss.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 42fdfc6..a642fd616 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -108,6 +108,7 @@ struct gss_auth {
static DEFINE_SPINLOCK(pipe_version_lock);
static struct rpc_wait_queue pipe_version_rpc_waitqueue;
static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
+static void gss_put_auth(struct gss_auth *gss_auth);
static void gss_free_ctx(struct gss_cl_ctx *);
static const struct rpc_pipe_ops gss_upcall_ops_v0;
@@ -320,6 +321,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg)
if (gss_msg->ctx != NULL)
gss_put_ctx(gss_msg->ctx);
rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
+ gss_put_auth(gss_msg->auth);
kfree(gss_msg);
}
@@ -500,6 +502,7 @@ gss_alloc_msg(struct gss_auth *gss_auth,
if (err)
goto err_free_msg;
};
+ kref_get(&gss_auth->kref);
return gss_msg;
err_free_msg:
kfree(gss_msg);
@@ -1071,6 +1074,12 @@ gss_free_callback(struct kref *kref)
}
static void
+gss_put_auth(struct gss_auth *gss_auth)
+{
+ kref_put(&gss_auth->kref, gss_free_callback);
+}
+
+static void
gss_destroy(struct rpc_auth *auth)
{
struct gss_auth *gss_auth = container_of(auth,
@@ -1091,7 +1100,7 @@ gss_destroy(struct rpc_auth *auth)
gss_auth->gss_pipe[1] = NULL;
rpcauth_destroy_credcache(auth);
- kref_put(&gss_auth->kref, gss_free_callback);
+ gss_put_auth(gss_auth);
}
/*
@@ -1262,7 +1271,7 @@ gss_destroy_nullcred(struct rpc_cred *cred)
call_rcu(&cred->cr_rcu, gss_free_cred_callback);
if (ctx)
gss_put_ctx(ctx);
- kref_put(&gss_auth->kref, gss_free_callback);
+ gss_put_auth(gss_auth);
}
static void
--
1.9.0

View file

@ -4,7 +4,7 @@
pkgbase=linux # Build stock -ARCH kernel
#pkgbase=linux-custom # Build kernel with a different name
_srcname=linux-3.13
pkgver=3.13.3
pkgver=3.13.4
pkgrel=1
arch=('i686' 'x86_64')
url="http://www.kernel.org/"
@ -25,12 +25,13 @@ source=("http://www.kernel.org/pub/linux/kernel/v3.x/${_srcname}.tar.xz"
'0004-rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-.patch'
'0005-sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch'
'0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch'
'0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch'
'0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch'
'0001-quirk-asm_volatile_goto.patch'
'i8042-fix-aliases.patch'
)
md5sums=('0ecbaf65c00374eb4a826c2f9f37606f'
'2d3d298f2b430122f4baf2af88277231'
'77ca721ea0e8373f58f596fe0d9b1b47'
'ba4468d313adfaf22368add7f58204aa'
'035bb27dac306f5c028d96cad14bb249'
'eb14dcfd80c00852ef81ded6e826826a'
@ -42,6 +43,7 @@ md5sums=('0ecbaf65c00374eb4a826c2f9f37606f'
'10dbaf863e22b2437e68f9190d65c861'
'd5907a721b97299f0685c583499f7820'
'a724515b350b29c53f20e631c6cf9a14'
'1ae4ec847f41fa1b6d488f956e94c893'
'e6fa278c092ad83780e2dd0568e24ca6'
'6baa312bc166681f48e972824f3f6649'
'93dbf73af819b77f03453a9c6de2bb47')
@ -81,6 +83,10 @@ prepare() {
# http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=23e66ba97127ff3b064d4c6c5138aa34eafc492f
patch -p1 -i "${srcdir}/0006-rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-no.patch"
# Fix FS#38921
# http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9eb2ddb48ce3a7bd745c14a933112994647fa3cd
patch -p1 -i "${srcdir}/0001-SUNRPC-Ensure-that-gss_auth-isn-t-freed-before-its-u.patch"
# Fix symbols: Revert http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83460ec8dcac14142e7860a01fa59c267ac4657c
patch -Rp1 -i "${srcdir}/0001-syscalls.h-use-gcc-alias-instead-of-assembler-aliase.patch"