[PATCH] Normal user can panic NFS client with direct I/O (CVE-2006-0555)

This is CVE-2006-0555 and SGI bug 946529. A normal user can panic an NFS client and cause a local DoS with 'judicious'(?) use of O_DIRECT. Signed-off-by: Chris Wright <chrisw@sous-sol.org>
author: Trond Myklebust <trond.myklebust@netapp.com> 2006-02-15 00:42:26 -0500
committer: Chris Wright <chrisw@sous-sol.org> 2006-03-01 14:36:38 -0800
commit: 93e3d00a9f0158e522cada1088233fad23247882 (patch)
tree: 36449c44dfaa123ff047384c1792b2abf8fd0915
parent: 8dcd7c19f2624b7150edd60da336da0bb5291bef (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c
index 079228817603..3ebb06e62c20 100644
--- a/fs/nfs/direct.c
+++ b/fs/nfs/direct.c
@@ -106,6 +106,11 @@ nfs_get_user_pages(int rw, unsigned long user_addr, size_t size,
 		result = get_user_pages(current, current->mm, user_addr,
 					page_count, (rw == READ), 0,
 					*pages, NULL);
+		if (result >= 0 && result < page_count) {
+			nfs_free_user_pages(*pages, result, 0);
+			*pages = NULL;
+			result = -EFAULT;
+		}
 		up_read(&current->mm->mmap_sem);
 	}
 	return result;
author	Trond Myklebust <trond.myklebust@netapp.com>	2006-02-15 00:42:26 -0500
committer	Chris Wright <chrisw@sous-sol.org>	2006-03-01 14:36:38 -0800
commit	93e3d00a9f0158e522cada1088233fad23247882 (patch)
tree	36449c44dfaa123ff047384c1792b2abf8fd0915
parent	8dcd7c19f2624b7150edd60da336da0bb5291bef (diff)