1 From vendor-sec-admin@lst.de Tue Feb 14 21:47:34 2006
2 Date: Wed, 15 Feb 2006 00:42:26 -0500 (EST)
3 From: "Mike O'Connor" <mjo@dojo.mi.org>
4 Cc: trond.myklebust@netapp.com, Greg Banks <gnb@melbourne.sgi.com>
5 Subject: Normal user can panic NFS client with direct I/O (CVE-2006-0555)
7 From: Trond Myklebust <trond.myklebust@netapp.com>
9 This is CVE-2006-0555 and SGI bug 946529. A normal user can panic an
10 NFS client and cause a local DoS with 'judicious'(?) use of O_DIRECT.
12 Signed-off-by: Chris Wright <chrisw@sous-sol.org>
15 fs/nfs/direct.c | 5 +++++
16 1 files changed, 5 insertions(+)
18 --- linux-2.6.15.4.orig/fs/nfs/direct.c
19 +++ linux-2.6.15.4/fs/nfs/direct.c
20 @@ -106,6 +106,11 @@ nfs_get_user_pages(int rw, unsigned long
21 result = get_user_pages(current, current->mm, user_addr,
22 page_count, (rw == READ), 0,
24 + if (result >= 0 && result < page_count) {
25 + nfs_free_user_pages(*pages, result, 0);
29 up_read(¤t->mm->mmap_sem);