From b93f434e7d9d83e5eb4fe01246621058f6e16e48 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Fri, 13 Mar 2020 20:33:16 -0400 Subject: [PATCH] fixes for v4.4 Signed-off-by: Sasha Levin --- ...fluous-kmap-in-nfs_readdir_xdr_to_ar.patch | 36 +++++++++++++++++++ queue-4.4/series | 1 + 2 files changed, 37 insertions(+) create mode 100644 queue-4.4/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch create mode 100644 queue-4.4/series diff --git a/queue-4.4/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch b/queue-4.4/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch new file mode 100644 index 00000000000..0a7169512e5 --- /dev/null +++ b/queue-4.4/nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch @@ -0,0 +1,36 @@ +From 5ca602b609551fb8de192d17c1e319650fcdda3d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 13 Mar 2020 21:24:43 +0100 +Subject: NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array + +From: Petr Malat + +Array is mapped by nfs_readdir_get_array(), the further kmap is a result +of a bad merge and should be removed. + +This resource leakage can be exploited for DoS by receptively reading +a content of a directory on NFS (e.g. by running ls). + +Fixes: 67a56e9743171 ("NFS: Fix memory leaks and corruption in readdir") +Signed-off-by: Petr Malat +Signed-off-by: Sasha Levin +--- + fs/nfs/dir.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c +index 2ac3d2527ad20..21e5fcbcb2272 100644 +--- a/fs/nfs/dir.c ++++ b/fs/nfs/dir.c +@@ -657,8 +657,6 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page, + goto out_label_free; + } + +- array = kmap(page); +- + status = nfs_readdir_alloc_pages(pages, array_size); + if (status < 0) + goto out_release_array; +-- +2.20.1 + diff --git a/queue-4.4/series b/queue-4.4/series new file mode 100644 index 00000000000..48d01d4b9c3 --- /dev/null +++ b/queue-4.4/series @@ -0,0 +1 @@ +nfs-remove-superfluous-kmap-in-nfs_readdir_xdr_to_ar.patch -- 2.47.3