Make sure to kunmap() the right address in fs/nfs/dir.c.

Found by Rik van Riel: "There's a serious bug in the handling of the pointer returned by kmap_atomic() in nfs/dir.c. The pointer (part of desc) is passed into find_dirent_name and from there into dir_decode, which modifies the pointer. That means you end up passing a wrong address to kunmap_atomic()."

Make sure to kunmap() the right address in fs/nfs/dir.c.
Found by Rik van Riel: "There's a serious bug in the handling of the pointer returned by kmap_atomic() in nfs/dir.c. The pointer (part of desc) is passed into find_dirent_name and from there into dir_decode, which modifies the pointer. That means you end up passing a wrong address to kunmap_atomic()."
8f44c5c2 · Linus Torvalds · d26a42bb · 8f44c5c2
Commit 8f44c5c2 authored Apr 10, 2003 by Linus Torvalds
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

fs/nfs/dir.c fs/nfs/dir.c +3 -2

No files found.
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -736,9 +736,10 @@ int nfs_cached_lookup(struct inode *dir, struct dentry *dentry,

 		res = -EIO;
 		if (PageUptodate(page)) {
-			desc.ptr = kmap_atomic(page, KM_USER0);
+			void * kaddr = kmap_atomic(page, KM_USER0);
+			desc.ptr = kaddr;
 			res = find_dirent_name(&desc, page, dentry);
-			kunmap_atomic(desc.ptr, KM_USER0);
+			kunmap_atomic(kaddr, KM_USER0);
 		}
 		page_cache_release(page);