linux-imx/fs/notify
Jan Kara 194d435710 fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()
commit 8f2f3eb59d upstream.

fsnotify_clear_marks_by_group_flags() can race with
fsnotify_destroy_marks() so that when fsnotify_destroy_mark_locked()
drops mark_mutex, a mark from the list iterated by
fsnotify_clear_marks_by_group_flags() can be freed and thus the next
entry pointer we have cached may become stale and we dereference free
memory.

Fix the problem by first moving marks to free to a special private list
and then always free the first entry in the special list.  This method
is safe even when entries from the list can disappear once we drop the
lock.

Signed-off-by: Jan Kara <jack@suse.com>
Reported-by: Ashish Sangwan <a.sangwan@samsung.com>
Reviewed-by: Ashish Sangwan <a.sangwan@samsung.com>
Cc: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2015-08-19 08:36:47 +02:00
dnotify          dnotify: replace dnotify_mark_mutex with mark mutex of dnotify_group  2013-07-09 10:33:20 -07:00
fanotify         fanotify: enable close-on-exec on events' fd when requested in fanotify_init()  2014-10-31 15:11:24 +01:00
inotify          inotify: fix race when adding a new watch  2013-07-09 10:33:20 -07:00
fdinfo.c         fs/notify: don't show f_handle if exportfs_encode_inode_fh failed  2014-10-13 15:41:29 +02:00
fdinfo.h         fs, notify: add procfs fdinfo helper  2012-12-17 17:15:28 -08:00
fsnotify.c       move d_rcu from overlapping d_child to overlapping d_alias  2015-01-29 15:45:16 +01:00
fsnotify.h       fsnotify: remove global fsnotify groups lists  2010-07-28 10:18:54 -04:00
group.c          fsnotify: make fasync generic for both inotify and fanotify  2012-12-11 13:44:36 -05:00
inode_mark.c     fsnotify: next_i is freed during fsnotify_unmount_inodes.  2015-01-14 11:43:05 +01:00
Kconfig          fanotify: allow fanotify to be built  2010-10-28 17:22:13 -04:00
Makefile         fs, notify: add procfs fdinfo helper  2012-12-17 17:15:28 -08:00
mark.c           fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()  2015-08-19 08:36:47 +02:00
notification.c   Merge branch 'for-next' of git://git.infradead.org/users/eparis/notify  2012-12-20 20:11:52 -08:00
vfsmount_mark.c  hlist: drop the node parameter from iterators  2013-02-27 19:10:24 -08:00