+++ This bug was initially created as a clone of Bug #500839 +++ This bug was reported upstream, but RHEL4 is also vulnerable. If you mount a share to which you do not have write permissions an then try to rename a file, the kernel will oops.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Committed in 89.44.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/
Due to change of CIFS to system error mappings discussed in bug 516102 is this one unverifiable. [root@ibm-ls22-01 ~]# mount -t cifs //localhost/bug /mnt/testarea/500904-mnt/ -o username=root,rw Password: [root@ibm-ls22-01 ~]# cd /mnt/testarea/500904-mnt/ [root@ibm-ls22-01 500904-mnt]# mv file1 file2 mv: overwrite `file2'? yes mv: cannot move `file1' to a subdirectory of itself, `file2' [root@ibm-ls22-01 500904-mnt]# uname -ri 2.6.9-89.43.EL x86_64 Performed code review and it looks ok, moving to verified then. 2.6.9-89.44.EL kernel.spec: 2590 Patch13122: linux-2.6.9-cifs-when-renaming-don-t-try-to-unlink-negative-- dent.patch 5978 %patch13122 -p1 unlink-negative-dent.patch SOURCES/linux-2.6.9-cifs-when-renaming-don-t-try-to-u Changelog: cifs: when renaming don't try to unlink negative dentry Bugzilla: 500904 --- a/fs/cifs/inode.c +++ b/fs/cifs/inode.c @@ -1379,7 +1379,8 @@ int cifs_rename(struct inode *source_dir, struct dentry *source_dentry, checking the UniqueId via FILE_INTERNAL_INFO */ unlink_target: - if ((rc == -EACCES) || (rc == -EEXIST)) { + /* Try unlinking the target dentry if it's not negative */ + if (target_dentry->d_inode && (rc == -EACCES || rc == -EEXIST)) { tmprc = cifs_unlink(target_dir, target_dentry); if (tmprc) goto cifs_rename_exit;
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0263.html