diff options
author | Trond Myklebust <trond.myklebust@netapp.com> | 2006-02-15 00:42:26 -0500 |
---|---|---|
committer | Chris Wright <chrisw@sous-sol.org> | 2006-03-01 14:36:38 -0800 |
commit | 93e3d00a9f0158e522cada1088233fad23247882 (patch) | |
tree | 36449c44dfaa123ff047384c1792b2abf8fd0915 | |
parent | 8dcd7c19f2624b7150edd60da336da0bb5291bef (diff) |
[PATCH] Normal user can panic NFS client with direct I/O (CVE-2006-0555)
This is CVE-2006-0555 and SGI bug 946529. A normal user can panic an
NFS client and cause a local DoS with 'judicious'(?) use of O_DIRECT.
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
-rw-r--r-- | fs/nfs/direct.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c index 07922881760..3ebb06e62c2 100644 --- a/fs/nfs/direct.c +++ b/fs/nfs/direct.c @@ -106,6 +106,11 @@ nfs_get_user_pages(int rw, unsigned long user_addr, size_t size, result = get_user_pages(current, current->mm, user_addr, page_count, (rw == READ), 0, *pages, NULL); + if (result >= 0 && result < page_count) { + nfs_free_user_pages(*pages, result, 0); + *pages = NULL; + result = -EFAULT; + } up_read(¤t->mm->mmap_sem); } return result; |