Bug 77923 - NFS client O_DIRECT error case (CAN-2005-0207)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://lists.ubuntu.com/archives/hoar...
Whiteboard: [linux <2.6.11]
Reported: 2005-01-13 18:50 UTC by Brandon Hale (RETIRED)
Modified: 2009-05-03 14:44 UTC



Attachments
O_DIRECT fix from -bk (nfs-client-odirect.patch, 1.46 KB, patch)
2005-01-13 18:51 UTC, Brandon Hale (RETIRED)
Patch (linux-2.6.10-77923.patch, 1.07 KB, patch)
2005-01-15 14:08 UTC, Tim Yamin (RETIRED)

Description Brandon Hale (RETIRED) gentoo-dev 2005-01-13 18:50:12 UTC
I caught this fix in the changelog linked above, already in Linus's tree.
From the log:

   * [SECURITY] NFS client O_DIRECT error case fix:
     - Add patch stolen-from-head_nfs-client-odirect.dpatch.
 .
   The NFS direct-io error return path for request sizes greater than
   MAX_DIRECTIO_SIZE fails to initialize the returned page struct array
   pointer to NULL.
 .
   Discovered using AKPM's ext3-tools: odwrite -ko 0 16385 foo

Exploitability of this flaw seems to be undisclosed at this time.
I've broken out the patch, attaching below.
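
The error-path pattern the changelog describes, as a user-space model added here (not the kernel's code and not either attached patch). The function names, the limit and page-size values, and the caller-side cleanup are assumptions made for illustration; the stale pointer is only compared, never freed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_DIRECTIO_SIZE (16384u * 1024u)  /* assumed limit for this model */
#define PAGE_SZ 4096u                        /* assumed page size */
#define STACK_GARBAGE ((void **)(uintptr_t)0xdeadbeef) /* constructed stale-stack value */

/* Hypothetical allocator with an out-parameter. `fixed` selects whether the
 * oversize error path stores NULL in *pages or leaves it untouched. */
static long get_pages(size_t size, void ***pages, int fixed)
{
    if (size > MAX_DIRECTIO_SIZE) {
        if (fixed)
            *pages = NULL;
        return -EFBIG;
    }
    size_t n = (size + PAGE_SZ - 1) / PAGE_SZ;
    *pages = calloc(n ? n : 1, sizeof(void *));
    return *pages ? (long)n : -ENOMEM;
}

/* Caller-side cleanup. Returns 1 when handed a pointer that is neither NULL
 * nor the live allocation; that pointer is only compared, never freed. */
static int release_pages(void **pages, void **live)
{
    if (pages == NULL)
        return 0;
    if (pages != live)
        return 1;
    free(pages);
    return 0;
}

/* One request through allocate-then-cleanup; 1 means cleanup saw garbage. */
int request_frees_garbage(size_t size, int fixed)
{
    void **pages = STACK_GARBAGE;
    long rc = get_pages(size, &pages, fixed);
    return release_pages(pages, rc >= 0 ? pages : NULL);
}

int main(void)
{
    size_t over = (size_t)MAX_DIRECTIO_SIZE + 1;
    printf("unfixed: %d, fixed: %d\n", request_frees_garbage(over, 0), request_frees_garbage(over, 1));
    return 0;
}
```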
Comment 1 Brandon Hale (RETIRED) gentoo-dev 2005-01-13 18:51:21 UTC
Created attachment 48436
O_DIRECT fix from -bk

Broken out from Ubuntu kernel sources, pulled from linus-bk
Comment 2 Brandon Hale (RETIRED) gentoo-dev 2005-01-13 18:53:06 UTC
This is fixed without a changelog entry in -ac. hardened-dev-sources 2.6.10 includes -ac8, and is unaffected. Will go stable soon.
Comment 3 Brandon Hale (RETIRED) gentoo-dev 2005-01-14 07:18:55 UTC
hardened-dev-sources stable, resolved for us.
Comment 4 Tim Yamin (RETIRED) gentoo-dev 2005-01-15 14:08:35 UTC
Created attachment 48583
Patch
Comment 5 Joshua Kinard gentoo-dev 2005-01-18 19:00:50 UTC
mips-sources patched
Comment 6 Daniel Drake (RETIRED) gentoo-dev 2005-01-19 03:45:03 UTC
gentoo-dev-sources is done
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2005-03-16 03:16:35 UTC
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...
Comment 8 Tim Yamin (RETIRED) gentoo-dev 2005-03-29 05:51:12 UTC
Following sources still need this fix:

hppa-sources:- Adding GMSoft...
pegasos-sources:- Adding dholm...
rsbac-sources:- Adding kang...
Comment 9 Tim Yamin (RETIRED) gentoo-dev 2005-03-29 05:51:26 UTC
Following sources still need this fix:

hppa-sources:- Adding GMSoft...
pegasos-sources:- Adding dholm...
rsbac-sources:- Adding kang...
Comment 10 Guillaume Destuynder (RETIRED) gentoo-dev 2005-04-08 01:02:44 UTC
just a note: this vuln is not present in rsbac kernels.
Comment 11 David Holm (RETIRED) gentoo-dev 2005-04-14 03:33:58 UTC
pegasos-sources fixed
Comment 12 Tim Yamin (RETIRED) gentoo-dev 2005-07-24 09:26:43 UTC
All fixed, closing bug.