redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/fs/fscache
History
Eric Biggers d2d576e285 FS-Cache: fix dereference of NULL user_key_payload 
commit d124b2c53c upstream.

When the file /proc/fs/fscache/objects (available with
CONFIG_FSCACHE_OBJECT_LIST=y) is opened, we request a user key with
description "fscache:objlist", then access its payload.  However, a
revoked key has a NULL payload, and we failed to check for this.
request_key() *does* skip revoked keys, but there is still a window
where the key can be revoked before we access its payload.

Fix it by checking for a NULL payload, treating it like a key which was
already revoked at the time it was requested.

Fixes: 4fbf4291aa ("FS-Cache: Allow the current state of all objects to be dumped")
Reviewed-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2017-10-27 10:38:11 +02:00
..
Kconfig fscache: drop references to slow-work 2010-07-22 22:58:58 +02:00
Makefile FS-Cache: Allow the current state of all objects to be dumped 2009-11-19 18:11:04 +00:00
cache.c fs/fscache: convert printk to pr_foo() 2014-06-04 16:53:51 -07:00
cookie.c fscache: Clear outstanding writes when disabling a cookie 2017-06-17 06:41:52 +02:00
fsdef.c FS-Cache: Provide the ability to enable/disable cookies 2013-09-27 18:40:25 +01:00
histogram.c drop redundant ->owner initializations 2016-05-29 19:08:00 -04:00
internal.h FS-Cache: The operation cancellation method needs calling in more places 2015-04-02 14:28:53 +01:00
main.c fs/fscache: make ctl_table static 2014-08-06 18:01:12 -07:00
netfs.c FS-Cache: Initialise stores_lock in netfs cookie 2017-06-17 06:41:52 +02:00
object-list.c FS-Cache: fix dereference of NULL user_key_payload 2017-10-27 10:38:11 +02:00
object.c fscache: Clear outstanding writes when disabling a cookie 2017-06-17 06:41:52 +02:00
operation.c FS-Cache: Retain the netfs context in the retrieval op earlier 2015-04-02 14:28:53 +01:00
page.c FS-Cache: wake write waiter after invalidating writes 2016-06-01 10:29:09 +02:00
proc.c FS-Cache: Allow the current state of all objects to be dumped 2009-11-19 18:11:04 +00:00
stats.c drop redundant ->owner initializations 2016-05-29 19:08:00 -04:00