diff --git a/patches.suse/NFSD-fix-use-after-free-in-nfsd4_ssc_setup_dul.patch b/patches.suse/NFSD-fix-use-after-free-in-nfsd4_ssc_setup_dul.patch
new file mode 100644
index 0000000..ad82532
--- /dev/null
+++ b/patches.suse/NFSD-fix-use-after-free-in-nfsd4_ssc_setup_dul.patch
@@ -0,0 +1,32 @@
+From: Xingyuan Mo
+Date: Thu, 12 Jan 2023 00:24:53 +0800
+Subject: [PATCH] NFSD: fix use-after-free in nfsd4_ssc_setup_dul()
+Git-commit: e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd
+Patch-mainline: v6.2
+References: git-fixes bsc#1209788 CVE-2023-1652
+
+If signal_pending() returns true, schedule_timeout() will not be executed,
+causing the waiting task to remain in the wait queue.
+Fixed by adding a call to finish_wait(), which ensures that the waiting
+task will always be removed from the wait queue.
+
+Fixes: f4e44b393389 ("NFSD: delay unmount source's export after inter-server copy completed.")
+Signed-off-by: Xingyuan Mo
+Reviewed-by: Jeff Layton
+Signed-off-by: Chuck Lever
+Acked-by: NeilBrown
+
+---
+ fs/nfsd/nfs4proc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -1205,6 +1205,7 @@ try_again:
+ /* allow 20secs for mount/unmount for now - revisit */
+ if (signal_pending(current) ||
+ (schedule_timeout(20*HZ) == 0)) {
++ finish_wait(&nn->nfsd_ssc_waitq, &wait);
+ kfree(work);
+ return nfserr_eagain;
+ }
diff --git a/series.conf b/series.conf
index 12d40d7..c50f796 100644
--- a/series.conf
+++ b/series.conf
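Review bot: In the fs/nfsd/nfs4proc.c hunk of the added patch file, the new `finish_wait(&nn->nfsd_ssc_waitq, &wait);` has no comment saying why it must run before `return nfserr_eagain;`, and the description names only the `signal_pending()` case although the same branch is also taken when `schedule_timeout(20*HZ)` returns 0. I would put `/* unlink our wait entry on both the signal and the timeout path; the queue must not keep a pointer to it after we return */` above the call. This assumes `wait` is a wait entry local to this function, which its declaration outside the hunk would have to confirm; if it is, a stale entry is what a later wake-up on `nfsd_ssc_waitq` would touch. The enclosing function starts and ends outside the hunk, so whether any other exit taken after the entry was queued needs the same call cannot be checked from here.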
@@ -20566,6 +20566,7 @@
 patches.suse/0171-drm-imx-dcss-Replace-module-initialization-with-DRM-.patch
 patches.suse/0172-drm-komeda-Replace-module-initialization-with-DRM-he.patch
 patches.suse/0173-drm-arm-hdlcd-Replace-module-initialization-with-DRM.patch
+ patches.suse/NFSD-fix-use-after-free-in-nfsd4_ssc_setup_dul.patch
 patches.suse/0174-drm-malidp-Replace-module-initialization-with-DRM-he.patch
 patches.suse/0175-drm-locking-fix-drm_modeset_acquire_ctx-kernel-doc.patch
 patches.suse/0176-drm-Update-docs-after-moving-DisplayPort-helpers-aro.patch