SRU justification: Impact: iov_iter_advance() skips over zero-length iovecs, however it does not properly terminate at the end of the iovec array. This leads to kernel crashed under this circumstances.
Fix: Check i->count before skipping zero length iov. And also include a fixup to check whther already iteraded over the whole array. One fix comes from the 2.6.24.y stable tree, the other from the 2.6.26.y stable tree. Testcase: see bug report. -- kernel crash in iov_iter_advance (caused by nfs-kernel-server) https://bugs.launchpad.net/bugs/231746 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
