[PATCH] Normal user can panic NFS client with direct I/O (CVE-2006-0555)

author Trond Myklebust <trond.myklebust@netapp.com>

Wed, 15 Feb 2006 05:42:26 +0000 (00:42 -0500)

committer Chris Wright <chrisw@sous-sol.org>

Wed, 1 Mar 2006 22:36:38 +0000 (14:36 -0800)
author Trond Myklebust <trond.myklebust@netapp.com>
Wed, 15 Feb 2006 05:42:26 +0000 (00:42 -0500)
committer Chris Wright <chrisw@sous-sol.org>
Wed, 1 Mar 2006 22:36:38 +0000 (14:36 -0800)
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c

index 07922881760339f15e907e340c787cf78d888bca..3ebb06e62c20279c91152662ea353e249137d5be 100644 (file)
--- a/fs/nfs/direct.c
+++ b/fs/nfs/direct.c
@@ -106,6 +106,11 @@ nfs_get_user_pages(int rw, unsigned long user_addr, size_t size,
                 result = get_user_pages(current, current->mm, user_addr,
                                         page_count, (rw == READ), 0,
                                         *pages, NULL);
+               if (result >= 0 && result < page_count) {
+                       nfs_free_user_pages(*pages, result, 0);
+                       *pages = NULL;
+                       result = -EFAULT;
+               }
                 up_read(&current->mm->mmap_sem);
         }
         return result;
author	Trond Myklebust <trond.myklebust@netapp.com>
	Wed, 15 Feb 2006 05:42:26 +0000 (00:42 -0500)
committer	Chris Wright <chrisw@sous-sol.org>
	Wed, 1 Mar 2006 22:36:38 +0000 (14:36 -0800)