Bug 405553 (CVE-2011-4325) - linux < 2.6.31-rc6 kernel: nfs: diotest4 from LTP crash client null pointer deref (CVE-2011-4325)
Summary: linux < 2.6.31-rc6 kernel: nfs: diotest4 from LTP crash client null pointer deref (CVE-2011-4325)
Status: RESOLVED OBSOLETE
Alias: CVE-2011-4325
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Kernel Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: [linux < 2.6.31-rc6]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-02-24 10:35 UTC by Michael Harrison
Modified: 2018-04-04 18:09 UTC

See Also:
Package list:
Runtime testing required: ---



Description Michael Harrison 2012-02-24 10:35:37 UTC
diotest4 from LTP will crash client on NFS mount. Not a regression, 5.7 GA
kernel has the same issue.

Unable to handle kernel NULL pointer dereference at 0000000000000038 RIP:
 [<ffffffff887aed65>] :nfs:__put_nfs_open_context+0x7/0x93
PGD 16bba2067 PUD 14bcd1067 PMD 0
Oops: 0000 [1] SMP
last sysfs file: /devices/pci0000:00/0000:00:00.0/local_cpus
CPU 2
Modules linked in: nfs nfsd exportfs nfs_acl auth_rpcgss autofs4 hidp rfcomm
l2cap bluetooth lockd sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf
ipt_REJECT ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables x_tables be2iscsi
ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp bnx2i cnic
ipv6 xfrm_nalgo crypto_api uio cxgb3i libcxgbi cxgb3 8021q libiscsi_tcp
libiscsi2 scsi_transport_iscsi2 scsi_transport_iscsi dm_mirror dm_multipath
scsi_dh video backlight sbs power_meter hwmon i2c_ec dell_wmi wmi button
battery asus_acpi acpi_memhotplug ac parport_pc lp parport joydev i2c_i801
i2c_core ide_cd cdc_ether i7core_edac cdrom usbnet edac_mc tpm_tis tpm tpm_bios
bnx2 sg pcspkr dm_raid45 dm_message dm_region_hash dm_log dm_mod dm_mem_cache
ata_piix libata shpchp megaraid_sas sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd
ehci_hcd
Pid: 4577, comm: diotest4 Not tainted 2.6.18-296.el5 #1
RIP: 0010:[<ffffffff887aed65>]  [<ffffffff887aed65>]
:nfs:__put_nfs_open_context+0x7/0x93
RSP: 0018:ffff810153cc1d28  EFLAGS: 00010246
RAX: ffff81014df95b10 RBX: ffff81014df95840 RCX: ffff81017fe5e608
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff81014df95840 R08: ffff81014df95840 R09: 0000000000000000
R10: ffff81014df95840 R11: 0000000000000310 R12: 0000000000000000
R13: 0000000000001000 R14: ffff81014aff9218 R15: ffff81014ced68c0
FS:  00002b51e08b3af0(0000) GS:ffff810105524ec0(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000038 CR3: 000000014a8fb000 CR4: 00000000000006a0
Process diotest4 (pid: 4577, threadinfo ffff810153cc0000, task
ffff81017fc877a0)
Stack:  ffff81014df95840 ffff81014df95840 ffff81014ced6898 ffffffff887b4459
 fffffffffffffff4 ffffffff887ccca6 ffff810153cc1e68 0000000000001000
 ffff810153cc1e08 ffff81014a335a00 0000000000001000 0000000000008000
Call Trace:
 [<ffffffff887b4459>] :nfs:nfs_readdata_release+0x10/0x16
 [<ffffffff887ccca6>] :nfs:nfs_file_direct_read+0x1b8/0x52f
 [<ffffffff8000cf47>] do_sync_read+0xc7/0x104
 [<ffffffff887aef81>] :nfs:nfs_open+0x10b/0x125
 [<ffffffff800a3346>] autoremove_wake_function+0x0/0x2e
 [<ffffffff8000b72f>] vfs_read+0xcb/0x171
 [<ffffffff80011d15>] sys_read+0x45/0x6e
 [<ffffffff8005d28d>] tracesys+0xd5/0xe0


Code: 48 8b 47 38 48 89 fb 48 8b 68 10 48 8d b5 b4 00 00 00 e8 c9
RIP  [<ffffffff887aed65>] :nfs:__put_nfs_open_context+0x7/0x93
 RSP <ffff810153cc1d28>
CR2: 0000000000000038
 <0>Kernel panic - not syncing: Fatal exception

Upstream Commit:
http://git.kernel.org/linus/1ae88b2e4 (v2.6.31-rc6)
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-02-25 00:51:43 UTC
CVE-2011-4325 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4325):
  The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain
  functions without properly initializing certain data, which allows local
  users to cause a denial of service (NULL pointer dereference and O_DIRECT
  oops), as demonstrated using diotest4 from LTP.
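The oops in the description is consistent with the CVE text: the first instruction of __put_nfs_open_context (Code bytes `48 8b 47 38`, i.e. `mov 0x38(%rdi),%rax`) loads a field of the context passed in %rdi, %rdi is 0 and CR2 is 0x38, so nfs_readdata_release() handed a NULL open-context pointer to the put routine on the O_DIRECT read path. The C model below is an added example, not code from this bug or from the kernel: it reproduces the ordering mistake in user space (release assumes args.context was initialised, but the error path after pinning the user buffer runs before the reference is taken) next to the fixed ordering, which takes the reference before any path that can call release, the shape of the upstream commit linked in the description as I read it. All struct and function names are stand-ins chosen for the example, the pin failure is simulated, and the NULL dereference is reported as the RESULT_OOPS sentinel instead of crashing the process.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Sentinel meaning "the kernel would have oopsed here". Chosen for this model. */
#define RESULT_OOPS (-1000)

/* Stand-in for struct nfs_open_context: only the reference count matters. */
struct open_context {
    int refcount;
};

/* Stand-in for the per-request data; args.context is the field whose
 * initialisation order is the whole bug. */
struct readdata {
    struct {
        struct open_context *context;
        size_t count;
    } args;
    unsigned char *pages;
};

/* Like get_nfs_open_context(): take a reference and hand the pointer back. */
static struct open_context *get_context(struct open_context *ctx)
{
    ctx->refcount++;
    return ctx;
}

/* Like __put_nfs_open_context(): the real function reads a field of ctx
 * before anything else, so a NULL ctx faults. The model reports it instead. */
static int put_context(struct open_context *ctx)
{
    if (ctx == NULL)
        return RESULT_OOPS;
    ctx->refcount--;
    return 0;
}

/* Like nfs_readdata_release(): drop the context reference, free the request.
 * It assumes the caller already set args.context. */
static int readdata_release(struct readdata *data)
{
    int rc = put_context(data->args.context);
    free(data->pages);
    free(data);
    return rc;
}

/* Like nfs_readdata_alloc(): zeroed allocation, args.context left NULL. */
static struct readdata *readdata_alloc(size_t count)
{
    struct readdata *data = calloc(1, sizeof(*data));
    if (data)
        data->args.count = count;
    return data;
}

/* Stand-in for get_user_pages(): pinning the O_DIRECT user buffer can fail,
 * e.g. on an unmapped address; the failure is simulated via fail_pin. */
static int pin_user_buffer(struct readdata *data, int fail_pin)
{
    if (fail_pin)
        return -EFAULT;
    data->pages = malloc(data->args.count);
    return data->pages ? 0 : -ENOMEM;
}

/* Vulnerable ordering: the context reference is taken only after the buffer
 * is pinned, so the error path releases a request with args.context == NULL. */
int schedule_read_vulnerable(struct open_context *ctx, size_t count, int fail_pin)
{
    struct readdata *data = readdata_alloc(count);
    int rc;

    if (!data)
        return -ENOMEM;
    rc = pin_user_buffer(data, fail_pin);
    if (rc < 0) {
        if (readdata_release(data) == RESULT_OOPS)  /* NULL context here */
            return RESULT_OOPS;
        return rc;
    }
    data->args.context = get_context(ctx);
    /* ... the RPC would be issued here; release runs on completion. */
    return readdata_release(data);
}

/* Fixed ordering: reference the context before any path that can release the
 * request, so release always has a context to drop and the count balances. */
int schedule_read_fixed(struct open_context *ctx, size_t count, int fail_pin)
{
    struct readdata *data = readdata_alloc(count);
    int rc;

    if (!data)
        return -ENOMEM;
    data->args.context = get_context(ctx);
    rc = pin_user_buffer(data, fail_pin);
    if (rc < 0) {
        readdata_release(data);  /* drops the reference cleanly */
        return rc;
    }
    return readdata_release(data);
}

/* Run one scenario on a fresh context; stores the refcount left behind
 * (0 means balanced) and returns the scheduler's result. */
int run_scenario(int use_fixed, int fail_pin, int *refcount_after)
{
    struct open_context ctx = { .refcount = 0 };
    int rc = use_fixed ? schedule_read_fixed(&ctx, 4096, fail_pin)
                       : schedule_read_vulnerable(&ctx, 4096, fail_pin);
    *refcount_after = ctx.refcount;
    return rc;
}

int main(void)
{
    int left;
    printf("vulnerable, pin fails: %d\n", run_scenario(0, 1, &left));
    printf("fixed, pin fails: %d (refcount left %d)\n", run_scenario(1, 1, &left), left);
    return 0;
}
```

The point the model makes is that the release routine's precondition (args.context initialised) must hold on every path that can reach it, including early error exits; moving the get_context() call above the first such exit is the whole fix, and the refcount left on the context after the error path is the check that the fixed ordering neither leaks nor double-drops the reference.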
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 18:09:08 UTC
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.