linux/fs/notify/fanotify
Jan Kara 5838d4442b fanotify: fix double free of pending permission events
Commit 8581679424 ("fanotify: Fix use after free for permission
events") introduced a double free issue for permission events which are
pending in group's notification queue while group is being destroyed.
These events are freed from fanotify_handle_event() but they are not
removed from groups notification queue and thus they get freed again
from fsnotify_flush_notify().

Fix the problem by removing permission events from notification queue
before freeing them if we skip processing access response.  Also expand
comments in fanotify_release() to explain group shutdown in detail.

Fixes: 8581679424
Signed-off-by: Jan Kara <jack@suse.cz>
Reported-by: Douglas Leeder <douglas.leeder@sophos.com>
Tested-by: Douglas Leeder <douglas.leeder@sophos.com>
Reported-by: Heinrich Schuchard <xypron.glpk@gmx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-06 18:01:12 -07:00
..
Kconfig treewide: fix typo of "suport" in various comments and Kconfig 2012-11-19 14:16:09 +01:00
Makefile fanotify: fanotify_init syscall declaration 2010-07-28 09:58:55 -04:00
fanotify.c fanotify: fix double free of pending permission events 2014-08-06 18:01:12 -07:00
fanotify.h fanotify: use fanotify event structure for permission response processing 2014-04-03 16:20:51 -07:00
fanotify_user.c fanotify: fix double free of pending permission events 2014-08-06 18:01:12 -07:00