proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-11-18 12:20:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
10b6ea0959
mirror_ubuntu-kernels/fs/notify
History
Jan Kara 96d41019e3 fanotify: fix list corruption in fanotify_get_response() 
fanotify_get_response() calls fsnotify_remove_event() when it finds that
group is being released from fanotify_release() (bypass_perm is set).

However the event it removes need not be only in the group's notification
queue but it can have already moved to access_list (userspace read the
event before closing the fanotify instance fd) which is protected by a
different lock.  Thus when fsnotify_remove_event() races with
fanotify_release() operating on access_list, the list can get corrupted.

Fix the problem by moving all the logic removing permission events from
the lists to one place - fanotify_release().

Fixes: 5838d4442b ("fanotify: fix double free of pending permission events")
Link: http://lkml.kernel.org/r/1473797711-14111-3-git-send-email-jack@suse.cz
Signed-off-by: Jan Kara <jack@suse.cz>
Reported-by: Miklos Szeredi <mszeredi@redhat.com>
Tested-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-09-19 15:36:17 -07:00
..
dnotify fsnotify: get rid of fsnotify_destroy_mark_locked() 2015-09-04 16:54:41 -07:00
fanotify fanotify: fix list corruption in fanotify_get_response() 2016-09-19 15:36:17 -07:00
inotify inotify: actually check for invalid bits in sys_inotify_add_watch() 2015-11-05 19:34:48 -08:00
fdinfo.c inotify: hide internal kernel bits from fdinfo 2015-11-05 19:34:48 -08:00
fdinfo.h fs: Convert show_fdinfo functions to void 2014-11-05 14:13:23 -05:00
fsnotify.c fsnotify: remove mark->free_list 2015-09-04 16:54:41 -07:00
fsnotify.h fsnotify: avoid spurious EMFILE errors from inotify_init() 2016-05-19 19:12:14 -07:00
group.c fsnotify: add a way to stop queueing events on group shutdown 2016-09-19 15:36:17 -07:00
inode_mark.c fs/notify/inode_mark.c: use list_next_entry in fsnotify_unmount_inodes 2016-01-14 16:00:49 -08:00
Kconfig rcu: Make SRCU optional by using CONFIG_SRCU 2015-01-06 11:04:29 -08:00
Makefile fs, notify: add procfs fdinfo helper 2012-12-17 17:15:28 -08:00
mark.c fsnotify: avoid spurious EMFILE errors from inotify_init() 2016-05-19 19:12:14 -07:00
notification.c fanotify: fix list corruption in fanotify_get_response() 2016-09-19 15:36:17 -07:00
vfsmount_mark.c fsnotify: remove mark->free_list 2015-09-04 16:54:41 -07:00