Array is mapped by nfs_readdir_get_array(), the further kmap is a result of a bad merge and should be removed.
This resource leakage can be exploited for DoS by receptively reading a content of a directory on NFS (e.g. by running ls).
Fixes: 67a56e9743171 ("NFS: Fix memory leaks and corruption in readdir") Signed-off-by: Petr Malat oss@malat.biz --- fs/nfs/dir.c | 2 -- 1 file changed, 2 deletions(-)
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c index c2665d920cf8..2517fcd423b6 100644 --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c @@ -678,8 +678,6 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page, goto out_label_free; }
- array = kmap(page); - status = nfs_readdir_alloc_pages(pages, array_size); if (status < 0) goto out_release_array;