OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/fs
History
Miklos Szeredi 860448e73b fuse: fix page dereference after free 
commit d78092e493 upstream.

After unlock_request() pages from the ap->pages[] array may be put (e.g. by
aborting the connection) and the pages can be freed.

Prevent use after free by grabbing a reference to the page before calling
unlock_request().

The original patch was created by Pradeep P V K.

Reported-by: Pradeep P V K <ppvk@codeaurora.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2020-11-01 12:01:05 +01:00
..
9p 9p: Fix memory leak in v9fs_mount 2020-08-19 08:16:24 +02:00
adfs
affs affs: fix basic permission bits to actually work 2020-09-09 19:12:34 +02:00
afs rxrpc: Make rxrpc_kernel_get_srtt() indicate validity 2020-09-09 19:12:23 +02:00
autofs autofs: fix a leak in autofs_expire_indirect() 2019-10-25 00:03:11 -04:00
befs
bfs
btrfs btrfs: take overcommit into account in inc_block_group_ro 2020-10-17 10:11:21 +02:00
cachefiles cachefiles: Fix race between read_waiter and read_copier involving op->to_do 2020-06-03 08:21:11 +02:00
ceph ceph: fix potential race in ceph_check_caps 2020-10-01 13:18:08 +02:00
cifs SMB3: Resolve data corruption of TCP server info fields 2020-10-29 09:57:28 +01:00
coda
configfs configfs: fix config_item refcnt leak in configfs_rmdir() 2020-05-27 17:46:30 +02:00
cramfs cramfs: fix usage on non-MTD device 2019-11-23 21:44:49 -05:00
crypto fscrypt: don't evict dirty inodes after removing key 2020-03-18 07:17:53 +01:00
debugfs debugfs: Fix module state check condition 2020-09-17 13:47:55 +02:00
devpts
dlm fs: dlm: fix configfs memory leak 2020-10-29 09:58:03 +01:00
ecryptfs ecryptfs: replace BUG_ON with error handling code 2020-02-28 17:22:26 +01:00
efivarfs efivarfs: Replace invalid slashes with exclamation marks in dentries. 2020-11-01 12:01:02 +01:00
efs
erofs erofs: avoid duplicated permission check for "trusted." xattrs 2020-11-01 12:01:04 +01:00
exportfs exportfs_decode_fh(): negative pinned may become positive without the parent locked 2019-11-10 11:56:05 -05:00
ext2 ext2: don't update mtime on COW faults 2020-09-09 19:12:30 +02:00
ext4 ext4: limit entries returned when counting fsmap records 2020-10-29 09:57:55 +01:00
f2fs f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info 2020-10-29 09:57:52 +01:00
fat fat: don't allow to mount if the FAT length == 0 2020-06-17 16:40:36 +02:00
freevxfs
fscache
fuse fuse: fix page dereference after free 2020-11-01 12:01:05 +01:00
gfs2 gfs2: clean up iopen glock mess in gfs2_create_inode 2020-10-01 13:17:20 +02:00
hfs
hfsplus hfsplus: fix crash and filesystem corruption when deleting files 2020-04-17 10:50:22 +02:00
hostfs
hpfs
hugetlbfs hugetlbfs: prevent filesystem stacking of hugetlbfs 2020-09-03 11:26:48 +02:00
iomap iomap: fix WARN_ON_ONCE() from unprivileged users 2020-10-29 09:58:06 +01:00
isofs
jbd2 jbd2: abort journal if free a async write error metadata buffer 2020-09-03 11:26:56 +02:00
jffs2 jffs2: fix UAF problem 2020-08-26 10:40:56 +02:00
jfs
kernfs kernfs: do not call fsnotify() with name without a parent 2020-08-19 08:16:12 +02:00
lockd
minix fs/minix: remove expected error message in block_to_path() 2020-08-21 13:05:37 +02:00
nfs nfs: Fix security label length not being reset 2020-10-07 08:01:28 +02:00
nfs_common
nfsd nfsd: Don't add locks to closed or closing open stateids 2020-10-01 13:17:43 +02:00
nilfs2 nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() 2020-06-17 16:40:29 +02:00
nls
notify fanotify: fix ignore mask logic for events on child and on dir 2020-06-17 16:40:24 +02:00
ntfs ntfs: add check for mft record size in superblock 2020-10-29 09:58:03 +01:00
ocfs2 ocfs2: change slot number type s16 to u16 2020-08-21 13:05:26 +02:00
omfs
openpromfs
orangefs orangefs: get rid of knob code... 2020-08-21 13:05:29 +02:00
overlayfs ovl: fix unneeded call to ovl_change_flags() 2020-07-22 09:33:12 +02:00
proc mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary 2020-10-29 09:57:45 +01:00
pstore pstore: Fix linking when crypto API disabled 2020-08-19 08:16:27 +02:00
qnx4
qnx6
quota quota: clear padding in v2r1_mem2diskdqb() 2020-10-29 09:57:42 +01:00
ramfs ramfs: fix nommu mmap with gaps in the page cache 2020-10-29 09:57:53 +01:00
reiserfs reiserfs: Fix memory leak in reiserfs_parse_options() 2020-10-29 09:58:08 +01:00
romfs romfs: fix uninitialized memory leak in romfs_dev_read() 2020-08-26 10:40:51 +02:00
squashfs
sysfs
sysv
tracefs
ubifs ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len 2020-10-01 13:17:51 +02:00
udf udf: Avoid accessing uninitialized data on failed inode read 2020-10-29 09:58:05 +01:00
ufs fs/ufs: avoid potential u32 multiplication overflow 2020-08-21 13:05:37 +02:00
unicode
verity
xfs xfs: make sure the rt allocator doesn't run off the end 2020-10-29 09:58:06 +01:00
Kconfig
Kconfig.binfmt
Makefile
aio.c aio: fix async fsync creds 2020-06-17 16:40:24 +02:00
anon_inodes.c
attr.c utimes: Clamp the timestamps in notify_change() 2020-02-11 04:35:12 -08:00
bad_inode.c
binfmt_aout.c
binfmt_elf.c fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() 2020-06-03 08:21:27 +02:00
binfmt_elf_fdpic.c
binfmt_em86.c
binfmt_flat.c binfmt_flat: revert "binfmt_flat: don't offset the data start" 2020-09-03 11:26:39 +02:00
binfmt_misc.c
binfmt_script.c
block_dev.c bdev: Reduce time holding bd_mutex in sync in blkdev_close() 2020-10-01 13:17:55 +02:00
buffer.c fs: prevent BUG_ON in submit_bh_wbc() 2020-09-03 11:26:57 +02:00
char_dev.c chardev: Avoid potential use-after-free in 'chrdev_open()' 2020-01-14 20:08:18 +01:00
compat.c
compat_binfmt_elf.c
compat_ioctl.c fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP 2020-01-09 10:20:05 +01:00
coredump.c coredump: fix crash when umh is disabled 2020-05-14 07:58:27 +02:00
d_path.c fs: fix NULL dereference due to data race in prepend_path() 2020-10-29 09:57:45 +01:00
dax.c dax: pass NOWAIT flag to iomap_apply 2020-03-05 16:43:36 +01:00
dcache.c fix dget_parent() fastpath race 2020-10-01 13:17:19 +02:00
dcookies.c
direct-io.c
drop_caches.c fs: avoid softlockups in s_inodes iterators 2020-01-12 12:21:37 +01:00
eventfd.c eventfd: track eventfd_signal() recursion depth 2020-02-11 04:35:37 -08:00
eventpoll.c ep_create_wakeup_source(): dentry name can change under you... 2020-10-07 08:01:31 +02:00
exec.c exec: Add exec_update_mutex to replace cred_guard_mutex 2020-10-01 13:17:47 +02:00
fcntl.c
fhandle.c
file.c fix multiplication overflow in copy_fdtable() 2020-05-27 17:46:12 +02:00
file_table.c
filesystems.c fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once() 2020-04-17 10:50:21 +02:00
fs-writeback.c writeback: Fix sync livelock due to b_dirty_time processing 2020-09-03 11:27:04 +02:00
fs_context.c
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
inode.c futex: Fix inode life-time issue 2020-03-25 08:25:58 +01:00
internal.h fs: move guard_bio_eod() after bio_set_op_attrs 2020-01-17 19:48:21 +01:00
io_uring.c io_uring: Fix double list add in io_queue_async_work() 2020-10-14 10:32:57 +02:00
ioctl.c compat_ioctl: add compat_ptr_ioctl() 2019-12-17 19:55:30 +01:00
libfs.c libfs: fix infoleak in simple_attr_read() 2020-04-01 11:02:17 +02:00
locks.c locks: reinstate locks_delete_block optimization 2020-03-25 08:25:41 +01:00
mbcache.c
mount.h
mpage.c fs: move guard_bio_eod() after bio_set_op_attrs 2020-01-17 19:48:21 +01:00
namei.c namei: only return -ECHILD from follow_dotdot_rcu() 2020-03-05 16:43:48 +01:00
namespace.c
no-block.c
nsfs.c
open.c cifs_atomic_open(): fix double-put on late allocation failure 2020-03-18 07:17:51 +01:00
pipe.c
pnode.c propagate_one(): mnt_set_mountpoint() needs mount_lock 2020-05-02 08:48:44 +02:00
pnode.h
posix_acl.c
proc_namespace.c
read_write.c fs: allow deduplication of eof block into the end of the destination file 2020-02-11 04:35:23 -08:00
readdir.c readdir: be more conservative with directory entry names 2020-01-29 16:45:31 +01:00
select.c
seq_file.c
signalfd.c fs/signalfd.c: fix inconsistent return codes for signalfd4 2020-08-26 10:40:58 +02:00
splice.c splice: only read in as much information as there is pipe buffer space 2019-12-17 19:56:52 +01:00
stack.c
stat.c
statfs.c
super.c Fix use after free in get_tree_bdev() 2020-05-06 08:15:15 +02:00
sync.c
timerfd.c
userfaultfd.c userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK 2020-01-04 19:18:32 +01:00
utimes.c utimes: Clamp the timestamps in notify_change() 2020-02-11 04:35:12 -08:00
xattr.c xattr: break delegations in {set,remove}xattr 2020-08-11 15:33:39 +02:00