From f37b1fd41a153b0f543c442e4e0ac44ac2e9274a Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Mon, 27 Feb 2006 13:54:22 -0800 Subject: [PATCH] Add NFS client O_DIRECT fix (CVE-2006-0555). --- ...can-panic-nfs-client-with-direct-i-o.patch | 31 +++++++++++++++++++ queue/series | 1 + 2 files changed, 32 insertions(+) create mode 100644 queue/normal-user-can-panic-nfs-client-with-direct-i-o.patch diff --git a/queue/normal-user-can-panic-nfs-client-with-direct-i-o.patch b/queue/normal-user-can-panic-nfs-client-with-direct-i-o.patch new file mode 100644 index 00000000000..f823459c444 --- /dev/null +++ b/queue/normal-user-can-panic-nfs-client-with-direct-i-o.patch @@ -0,0 +1,31 @@ +From vendor-sec-admin@lst.de Tue Feb 14 21:47:34 2006 +Date: Wed, 15 Feb 2006 00:42:26 -0500 (EST) +From: "Mike O'Connor" +Cc: trond.myklebust@netapp.com, Greg Banks +Subject: Normal user can panic NFS client with direct I/O + +From: Trond Myklebust + +This is CVE-2006-0555 and SGI bug 946529. A normal user can panic an +NFS client and cause a local DoS with 'judicious'(?) use of O_DIRECT. + +Signed-off-by: Chris Wright +--- + + fs/nfs/direct.c | 5 +++++ + 1 files changed, 5 insertions(+) + +--- linux-2.6.15.4.orig/fs/nfs/direct.c ++++ linux-2.6.15.4/fs/nfs/direct.c +@@ -106,6 +106,11 @@ nfs_get_user_pages(int rw, unsigned long + result = get_user_pages(current, current->mm, user_addr, + page_count, (rw == READ), 0, + *pages, NULL); ++ if (result >= 0 && result < page_count) { ++ nfs_free_user_pages(*pages, result, 0); ++ *pages = NULL; ++ result = -EFAULT; ++ } + up_read(¤t->mm->mmap_sem); + } + return result; diff --git a/queue/series b/queue/series index c2e04304b33..06fcea1f3cb 100644 --- a/queue/series +++ b/queue/series @@ -35,3 +35,4 @@ fix-a-severe-bug.patch sd-fix-memory-corruption-with-broken-mode-page-headers.patch sbp2-fix-another-deadlock-after-disconnection.patch xfs-ftruncate-bug-could-expose-stale-data.patch +normal-user-can-panic-nfs-client-with-direct-i-o.patch -- 2.47.3