From: Sasha Levin <sashal@kernel.org>
Date: Sat, 14 Mar 2020 00:33:16 +0000 (-0400)
Subject: fixes for v4.4
X-Git-Tag: v4.19.110~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b93f434e7d9d83e5eb4fe01246621058f6e16e48;p=thirdparty%2Fkernel%2Fstable-queue.git

fixes for v4.4

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-4.4/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch b/queue-4.4/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch
new file mode 100644
index 00000000000..0a7169512e5
--- /dev/null
+++ b/queue-4.4/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch
@@ -0,0 +1,36 @@
+From 5ca602b609551fb8de192d17c1e319650fcdda3d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 13 Mar 2020 21:24:43 +0100
+Subject: NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array
+
+From: Petr Malat <oss@malat.biz>
+
+Array is mapped by nfs_readdir_get_array(), the further kmap is a result
+of a bad merge and should be removed.
+
+This resource leakage can be exploited for DoS by receptively reading
+a content of a directory on NFS (e.g. by running ls).
+
+Fixes: 67a56e9743171 ("NFS: Fix memory leaks and corruption in readdir")
+Signed-off-by: Petr Malat <oss@malat.biz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/dir.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
+index 2ac3d2527ad20..21e5fcbcb2272 100644
+--- a/fs/nfs/dir.c
++++ b/fs/nfs/dir.c
+@@ -657,8 +657,6 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page,
+ 		goto out_label_free;
+ 	}
+ 
+-	array = kmap(page);
+-
+ 	status = nfs_readdir_alloc_pages(pages, array_size);
+ 	if (status < 0)
+ 		goto out_release_array;
+-- 
+2.20.1
+
diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644
index 00000000000..48d01d4b9c3
--- /dev/null
+++ b/queue-4.4/series
@@ -0,0 +1 @@
+nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch