remarkable-linux/fs/notify
Jan Kara 14e69b5a72 fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()
commit 8f2f3eb59d upstream.

fsnotify_clear_marks_by_group_flags() can race with
fsnotify_destroy_marks() so that when fsnotify_destroy_mark_locked()
drops mark_mutex, a mark from the list iterated by
fsnotify_clear_marks_by_group_flags() can be freed and thus the next
entry pointer we have cached may become stale and we dereference free
memory.

Fix the problem by first moving marks to free to a special private list
and then always free the first entry in the special list.  This method
is safe even when entries from the list can disappear once we drop the
lock.

Signed-off-by: Jan Kara <jack@suse.com>
Reported-by: Ashish Sangwan <a.sangwan@samsung.com>
Reviewed-by: Ashish Sangwan <a.sangwan@samsung.com>
Cc: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-08-16 20:52:09 -07:00
dnotify fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00
fanotify fanotify: fix event filtering with FAN_ONDIR set 2015-03-12 18:46:08 -07:00
inotify fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00
Kconfig rcu: Make SRCU optional by using CONFIG_SRCU 2015-01-06 11:04:29 -08:00
Makefile fs, notify: add procfs fdinfo helper 2012-12-17 17:15:28 -08:00
fdinfo.c fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00
fdinfo.h fs: Convert show_fdinfo functions to void 2014-11-05 14:13:23 -05:00
fsnotify.c fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00
fsnotify.h fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00
group.c fs/notify/group.c: make fsnotify_final_destroy_group() static 2014-10-09 22:25:45 -04:00
inode_mark.c fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00
mark.c fsnotify: fix oops in fsnotify_clear_marks_by_group_flags() 2015-08-16 20:52:09 -07:00
notification.c fanotify: fix double free of pending permission events 2014-08-06 18:01:12 -07:00
vfsmount_mark.c fsnotify: unify inode and mount marks handling 2014-12-13 12:42:53 -08:00