From: Sasha Levin Date: Sat, 14 Mar 2020 00:33:16 +0000 (-0400) Subject: fixes for v4.9 X-Git-Tag: v4.19.110~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=269f86bc9d2c95d1731aa232692e2497d038909e;p=thirdparty%2Fkernel%2Fstable-queue.git fixes for v4.9 Signed-off-by: Sasha Levin --- diff --git a/queue-4.9/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch b/queue-4.9/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch new file mode 100644 index 00000000000..9713abf6925 --- /dev/null +++ b/queue-4.9/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch @@ -0,0 +1,36 @@ +From 9b8e8495acfc4b74f0dc8d133c6360fb210dd70a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 13 Mar 2020 21:24:43 +0100 +Subject: NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array + +From: Petr Malat + +Array is mapped by nfs_readdir_get_array(), the further kmap is a result +of a bad merge and should be removed. + +This resource leakage can be exploited for DoS by receptively reading +a content of a directory on NFS (e.g. by running ls). + +Fixes: 67a56e9743171 ("NFS: Fix memory leaks and corruption in readdir") +Signed-off-by: Petr Malat +Signed-off-by: Sasha Levin +--- + fs/nfs/dir.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c +index c2665d920cf8c..2517fcd423b68 100644 +--- a/fs/nfs/dir.c ++++ b/fs/nfs/dir.c +@@ -678,8 +678,6 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page, + goto out_label_free; + } + +- array = kmap(page); +- + status = nfs_readdir_alloc_pages(pages, array_size); + if (status < 0) + goto out_release_array; +-- +2.20.1 + diff --git a/queue-4.9/series b/queue-4.9/series new file mode 100644 index 00000000000..48d01d4b9c3 --- /dev/null +++ b/queue-4.9/series @@ -0,0 +1 @@ +nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch
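Review bot: the changelog of the queued patch (the added lines of queue-4.9/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch) carries no upstream commit reference. Its explanation that the extra `array = kmap(page);` is "a result of a bad merge" suggests the defect exists only in the backport named in the Fixes: tag, 67a56e9743171. If so, the changelog should say explicitly that this is a stable-only fix with no mainline equivalent, so later reviewers do not go looking for one. Two smaller points. "receptively" in the DoS sentence reads as a typo for "repeatedly". And because the fs/nfs/dir.c hunk shows only the removal, it is worth confirming against the 4.9 tree that the mapping taken by nfs_readdir_get_array() is released exactly once on the `out_release_array` path, so that dropping this kmap leaves the map/unmap pairing balanced on both the success and error exits.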