fixes for v4.9

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-4.9/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch b/queue-4.9/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch
new file mode 100644 (file)
index 0000000..9713abf
--- /dev/null
+++ b/queue-4.9/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch
@@ -0,0 +1,36 @@
+From 9b8e8495acfc4b74f0dc8d133c6360fb210dd70a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 13 Mar 2020 21:24:43 +0100
+Subject: NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array
+
+From: Petr Malat <oss@malat.biz>
+
+Array is mapped by nfs_readdir_get_array(), the further kmap is a result
+of a bad merge and should be removed.
+
+This resource leakage can be exploited for DoS by receptively reading
+a content of a directory on NFS (e.g. by running ls).
+
+Fixes: 67a56e9743171 ("NFS: Fix memory leaks and corruption in readdir")
+Signed-off-by: Petr Malat <oss@malat.biz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/dir.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
+index c2665d920cf8c..2517fcd423b68 100644
+--- a/fs/nfs/dir.c
++++ b/fs/nfs/dir.c
+@@ -678,8 +678,6 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page,
+               goto out_label_free;
+       }
+ 
+-      array = kmap(page);
+-
+       status = nfs_readdir_alloc_pages(pages, array_size);
+       if (status < 0)
+               goto out_release_array;
+-- 
+2.20.1
+

diff --git a/queue-4.9/series b/queue-4.9/series
new file mode 100644 (file)
index 0000000..48d01d4
--- /dev/null
+++ b/queue-4.9/series
@@ -0,0 +1 @@
+nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch