linux/fs/notify
Jan Kara 8f2f3eb59d fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()
fsnotify_clear_marks_by_group_flags() can race with
fsnotify_destroy_marks() so that when fsnotify_destroy_mark_locked()
drops mark_mutex, a mark from the list iterated by
fsnotify_clear_marks_by_group_flags() can be freed and thus the next
entry pointer we have cached may become stale and we dereference free
memory.

Fix the problem by first moving marks to free to a special private list
and then always free the first entry in the special list.  This method
is safe even when entries from the list can disappear once we drop the
lock.

Signed-off-by: Jan Kara <jack@suse.com>
Reported-by: Ashish Sangwan <a.sangwan@samsung.com>
Reviewed-by: Ashish Sangwan <a.sangwan@samsung.com>
Cc: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-08-07 04:39:41 +03:00
..
dnotify fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00
fanotify fanotify: fix event filtering with FAN_ONDIR set 2015-03-12 18:46:08 -07:00
inotify fs/notify: don't use module_init for non-modular inotify_user code 2015-06-16 14:12:34 -04:00
fdinfo.c fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00
fdinfo.h fs: Convert show_fdinfo functions to void 2014-11-05 14:13:23 -05:00
fsnotify.c fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00
fsnotify.h fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00
group.c fs/notify/group.c: make fsnotify_final_destroy_group() static 2014-10-09 22:25:45 -04:00
inode_mark.c fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00
Kconfig rcu: Make SRCU optional by using CONFIG_SRCU 2015-01-06 11:04:29 -08:00
Makefile
mark.c fsnotify: fix oops in fsnotify_clear_marks_by_group_flags() 2015-08-07 04:39:41 +03:00
notification.c fanotify: fix double free of pending permission events 2014-08-06 18:01:12 -07:00
vfsmount_mark.c fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00