This is a note to let you know that I've just added the patch titled ceph: fix null pointer dereference to the 3.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: ceph-fix-null-pointer-dereference.patch and it can be found in the queue-3.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From c338c07c51e3106711fad5eb599e375eadb6855d Mon Sep 17 00:00:00 2001 From: Nathaniel Yazdani <n1ght.4nd.d4y@xxxxxxxxx> Date: Sun, 4 Aug 2013 21:04:30 -0700 Subject: ceph: fix null pointer dereference From: Nathaniel Yazdani <n1ght.4nd.d4y@xxxxxxxxx> commit c338c07c51e3106711fad5eb599e375eadb6855d upstream. When register_session() is given an out-of-range argument for mds, ceph_mdsmap_get_addr() will return a null pointer, which would be given to ceph_con_open() & be dereferenced, causing a kernel oops. This fixes bug #4685 in the Ceph bug tracker <http://tracker.ceph.com/issues/4685>. Signed-off-by: Nathaniel Yazdani <n1ght.4nd.d4y@xxxxxxxxx> Reviewed-by: Sage Weil <sage@xxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/ceph/mds_client.c | 3 +++ 1 file changed, 3 insertions(+) --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -414,6 +414,9 @@ static struct ceph_mds_session *register { struct ceph_mds_session *s; + if (mds >= mdsc->mdsmap->m_max_mds) + return ERR_PTR(-EINVAL); + s = kzalloc(sizeof(*s), GFP_NOFS); if (!s) return ERR_PTR(-ENOMEM); Patches currently in stable-queue which might be from n1ght.4nd.d4y@xxxxxxxxx are queue-3.10/ceph-fix-null-pointer-dereference.patch
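Review bot: the added guard `if (mds >= mdsc->mdsmap->m_max_mds)` at the top of register_session() only tests the upper bound, and the type of `mds` is not visible because the hunk header cuts the signature off. If `mds` is a signed integer, a negative value passes this check and still reaches ceph_mdsmap_get_addr(), so the condition should read `mds < 0 || mds >= mdsc->mdsmap->m_max_mds`, or `mds` should be confirmed unsigned. The check also duplicates, from the outside, whatever range condition makes ceph_mdsmap_get_addr() return NULL, and the two can drift apart. Testing the returned pointer before it is handed to ceph_con_open() would close the dereference named in the commit message regardless of how the range rule changes. Placing the guard ahead of `kzalloc()` is right, since the `-EINVAL` return then has nothing to free. A one-line comment saying which callee the bound protects would help, because the dereference happens outside the lines shown here.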