alistair23-linux/fs/ceph
Jeff Layton fdd0f3b0e9 ceph: hold extra reference to r_parent over life of request
commit 9c1c2b35f1 upstream.

Currently, we just assume that it will stick around by virtue of the
submitter's reference, but later patches will allow the syscall to
return early and we can't rely on that reference at that point.

While I'm not aware of any reports of it, Xiubo pointed out that this
may fix a use-after-free.  If the wait for a reply times out or is
canceled via signal, and then the reply comes in after the syscall
returns, the client can end up trying to access r_parent without a
reference.

Take an extra reference to the inode when setting r_parent and release
it when releasing the request.

Cc: stable@vger.kernel.org
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-29 16:45:24 +01:00
Kconfig ceph: add selinux support 2019-07-08 14:01:42 +02:00
Makefile ceph: add buffered/direct exclusionary locking for reads and writes 2019-09-16 12:06:25 +02:00
acl.c ceph: rename struct ceph_acls_info to ceph_acl_sec_ctx 2019-07-08 14:01:42 +02:00
addr.c ceph: use release_pages() directly 2019-09-16 12:06:25 +02:00
cache.c ceph: include ceph_debug.h in cache.c 2019-09-16 12:06:25 +02:00
cache.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 188 2019-05-30 11:29:21 -07:00
caps.c ceph: fix use-after-free in __ceph_remove_cap() 2019-10-29 22:29:51 +01:00
ceph_frag.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs.c ceph: don't return a value from void function 2019-09-16 12:06:25 +02:00
dir.c ceph: fix compat_ioctl for ceph_dir_operations 2019-12-17 19:55:31 +01:00
export.c ceph: move static keyword to the front of declarations 2019-09-16 12:06:25 +02:00
file.c ceph: fix compat_ioctl for ceph_dir_operations 2019-12-17 19:55:31 +01:00
inode.c ceph: add missing check in d_revalidate snapdir handling 2019-10-29 22:29:55 +01:00
io.c ceph: add buffered/direct exclusionary locking for reads and writes 2019-09-16 12:06:25 +02:00
io.h ceph: add buffered/direct exclusionary locking for reads and writes 2019-09-16 12:06:25 +02:00
ioctl.c libceph, ceph: move ceph_calc_file_object_mapping() to striper.c 2018-04-02 10:12:43 +02:00
ioctl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
locks.c ceph: return -EIO if read/write against filp that lost file locks 2019-09-16 12:06:24 +02:00
mds_client.c ceph: hold extra reference to r_parent over life of request 2020-01-29 16:45:24 +01:00
mds_client.h ceph: eliminate session->s_trim_caps 2019-09-16 12:06:24 +02:00
mdsmap.c ceph: have MDS map decoding use entity_addr_t decoder 2019-07-08 14:01:43 +02:00
quota.c ceph: fix infinite loop in get_quota_realm() 2019-07-08 14:01:42 +02:00
snap.c ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() 2019-08-22 10:47:41 +02:00
strings.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
super.c ceph: return -EINVAL if given fsc mount option on kernel w/o support 2019-11-07 18:03:23 +01:00
super.h ceph: turn ceph_security_invalidate_secctx into static inline 2019-09-16 12:06:25 +02:00
xattr.c ceph: allow arbitrary security.* xattrs 2019-09-16 12:06:25 +02:00