Blaster4385/linux-IllusionX
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-IllusionX/fs/notify
History
Miklos Szeredi 0d6ec079d6 fsnotify: pin both inode and vfsmount mark 
We may fail to pin one of the marks in fsnotify_prepare_user_wait() when
dropping the srcu read lock, resulting in use after free at the next
iteration.

Solution is to store both marks in iter_info instead of just the one we'll
be sending the event for.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 9385a84d7e ("fsnotify: Pass fsnotify_iter_info into handle_event handler")
Cc: <stable@vger.kernel.org> # v4.12
Signed-off-by: Jan Kara <jack@suse.cz>
2017-10-31 17:54:56 +01:00
..
dnotify dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify() 2017-10-31 17:41:04 +01:00
fanotify fanotify: don't expose EOPENSTALE to userspace 2017-04-25 15:48:06 +02:00
inotify fsnotify: Move ->free_mark callback to fsnotify_ops 2017-04-10 17:37:36 +02:00
fdinfo.c fsnotify: Move object pointer to fsnotify_mark_connector 2017-04-10 17:37:35 +02:00
fdinfo.h fs: Convert show_fdinfo functions to void 2014-11-05 14:13:23 -05:00
fsnotify.c fsnotify: pin both inode and vfsmount mark 2017-10-31 17:54:56 +01:00
fsnotify.h fsnotify: Remove fsnotify_find_{inode|vfsmount}_mark() 2017-04-10 17:37:36 +02:00
group.c fsnotify: convert fsnotify_group.refcnt from atomic_t to refcount_t 2017-10-31 17:54:56 +01:00
Kconfig rcu: Make SRCU optional by using CONFIG_SRCU 2015-01-06 11:04:29 -08:00
Makefile fsnotify: Drop inode_mark.c 2017-04-10 17:37:36 +02:00
mark.c fsnotify: clean up fsnotify_prepare/finish_user_wait() 2017-10-31 17:54:56 +01:00
notification.c fsnotify: clean up spinlock assertions 2016-10-07 18:46:26 -07:00