iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Linus Torvalds 2dab597441 Fix possible filp_cachep memory corruption 
In commit 31e6b01f4183 ("fs: rcu-walk for path lookup") we started doing
path lookup using RCU, which then falls back to a careful non-RCU lookup
in case of problems (LOOKUP_REVAL).  So do_filp_open() has this "re-do
the lookup carefully" looping case.

However, that means that we must not release the open-intent file data
if we are going to loop around and use it once more!

Fix this by moving the release of the open-intent data to the function
that allocates it (do_filp_open() itself) rather than the helper
functions that can get called multiple times (finish_open() and
do_last()).  This makes the logic for the lifetime of that field much
more obvious, and avoids the possible double free.

Reported-by: J. R. Okajima <hooanon05@yahoo.co.jp>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Nick Piggin <npiggin@kernel.dk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-02-11 15:53:38 -08:00
..
9p
switch 9p
2011-01-12 20:03:43 -05:00
adfs
switch adfs
2011-01-12 20:02:45 -05:00
affs
switch affs
2011-01-12 20:03:42 -05:00
afs
Unexport do_add_mount() and add in follow_automount(), not ->d_automount()
2011-01-15 20:07:48 -05:00
autofs4
autofs4: clean ->d_release() and autofs4_free_ino() up
2011-01-18 01:21:29 -05:00
befs
befs: don't pass huge structs by value
2011-01-13 08:03:15 -08:00
bfs
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
btrfs
Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable
2011-02-07 14:06:18 -08:00
cachefiles
llseek: automatically add .llseek fop
2010-10-15 15:53:27 +02:00
ceph
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
2011-01-28 12:12:58 +10:00
cifs
cifs: remove checks for ses->status == CifsExiting
2011-02-07 17:25:55 +00:00
coda
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-01-13 10:27:28 -08:00
configfs
configfs: change depends -> select SYSFS
2011-01-16 21:22:29 +00:00
cramfs
cramfs: generate unique inode number for better inode cache usage
2011-01-13 08:03:23 -08:00
debugfs
convert get_sb_single() users
2010-10-29 04:16:28 -04:00
devpts
convert get_sb_single() users
2010-10-29 04:16:28 -04:00
dlm
dlm: Make DLM depend on CONFIGFS_FS
2011-01-16 21:22:37 +00:00
ecryptfs
ecryptfs: remove unnecessary decrypt when extending a file
2011-01-17 13:01:25 -06:00
efs
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
exofs
Revert "exofs: Set i_mapping->backing_dev_info anyway"
2011-02-02 17:53:27 -08:00
exportfs
fs: dcache per-inode inode alias locking
2011-01-07 17:50:31 +11:00
ext2
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
2011-01-11 14:37:31 -08:00
ext3
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6
2011-01-21 07:33:37 -08:00
ext4
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6
2011-01-21 07:33:37 -08:00
fat
switch fat to ->s_d_op, close exportfs races there
2011-01-12 20:02:43 -05:00
freevxfs
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
fscache
FS-Cache: Fix operation handling
2011-01-14 09:23:36 -08:00
fuse
switch fuse
2011-01-12 20:02:44 -05:00
gfs2
GFS2: Fix error path in gfs2_lookup_by_inum()
2011-01-18 14:49:08 +00:00
hfs
switch hfs
2011-01-12 20:02:45 -05:00
hfsplus
hfsplus: fix up a comparism in hfsplus_file_extend
2011-02-03 16:34:18 -07:00
hostfs
switch hostfs
2011-01-12 20:03:42 -05:00
hpfs
hpfs_setattr error case avoids unlock_kernel
2011-01-17 05:11:37 -05:00
hppfs
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
hugetlbfs
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
isofs
fix isofs d_op handling
2011-01-12 20:02:43 -05:00
jbd
fix comment typos concerning "consistent"
2010-12-10 16:04:28 +01:00
jbd2
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2011-01-13 10:05:56 -08:00
jffs2
Merge git://git.infradead.org/mtd-2.6
2011-01-17 11:15:30 -08:00
jfs
Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block
2011-01-13 10:45:01 -08:00
lockd
NLM: Fix "kernel BUG at fs/lockd/host.c:417!" or ".../host.c:283!"
2011-01-25 15:24:47 -05:00
logfs
Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block
2011-01-13 10:45:01 -08:00
minix
minixfs: kill dead code
2011-01-12 20:02:44 -05:00
ncpfs
move internal-only parts of ncpfs headers to fs/ncpfs
2011-01-12 20:03:43 -05:00
nfs
NFS: NFSv4 readdir loses entries
2011-01-28 13:41:35 -05:00
nfs_common
NFS: Prevent memory allocation failure in nfsacl_encode()
2011-01-25 15:24:47 -05:00
nfsd
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2011-01-16 11:31:50 -08:00
nilfs2
nilfs2: fix crash after one superblock became unavailable
2011-01-22 15:22:36 +09:00
nls
notify
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2011-01-13 10:05:56 -08:00
ntfs
NTFS: Fix invalid pointer dereference in ntfs_mft_record_alloc().
2011-01-31 12:58:11 +10:00
ocfs2
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6
2011-01-21 07:33:37 -08:00
omfs
new helper: mount_bdev()
2010-10-29 04:16:13 -04:00
openpromfs
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
partitions
Merge branch 'for-2.6.38/event-handling' into for-2.6.38/core
2011-01-13 14:47:54 +01:00
proc
console: rename acquire/release_console_sem() to console_lock/unlock()
2011-01-26 10:50:06 +10:00
qnx4
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
quota
quota: Fix deadlock during path resolution
2011-01-12 19:14:55 +01:00
ramfs
convert get_sb_nodev() users
2010-10-29 04:16:31 -04:00
reiserfs
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6
2011-01-21 07:33:37 -08:00
romfs
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
squashfs
squashfs: fix use of uninitialised variable in zlib & xz decompressors
2011-01-26 10:50:05 +10:00
sysfs
kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT
2011-01-20 17:02:05 -08:00
sysv
switch sysv
2011-01-12 20:02:44 -05:00
ubifs
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
udf
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-udf-2.6
2011-01-11 14:45:52 -08:00
ufs
fs: icache RCU free inodes
2011-01-07 17:50:26 +11:00
xfs
xfs: xfs_bmap_add_extent_delay_real should init br_startblock
2011-01-28 09:13:29 -06:00
aio.c
aio: check return value of create_workqueue()
2011-01-17 05:12:44 -05:00
anon_inodes.c
sanitize vfsmount refcounting changes
2011-01-16 13:47:07 -05:00
attr.c
check ATTR_SIZE contraints in inode_change_ok
2010-08-09 16:47:39 -04:00
bad_inode.c
fs: provide rcu-walk aware permission i_ops
2011-01-07 17:50:29 +11:00
binfmt_aout.c
Don't dump task struct in a.out core-dumps
2010-10-14 10:57:40 -07:00
binfmt_elf_fdpic.c
binfmt_elf.c
binfmt_elf: cleanups
2011-01-13 08:03:12 -08:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
convert get_sb_single() users
2010-10-29 04:16:28 -04:00
binfmt_script.c
Make do_execve() take a const filename pointer
2010-08-17 18:07:43 -07:00
binfmt_som.c
bio-integrity.c
bio-integrity: mark kintegrityd_wq highpri and CPU intensive
2011-01-03 15:01:48 +01:00
bio.c
bio: take care not overflow page count when mapping/copying user data
2010-11-10 14:40:43 +01:00
block_dev.c
block: restore multiple bd_link_disk_holder() support
2011-01-14 18:44:22 +01:00
buffer.c
fs: Use this_cpu_inc_return in buffer.c
2010-12-17 15:18:05 +01:00
char_dev.c
Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block
2011-01-13 10:45:01 -08:00
compat_binfmt_elf.c
compat_ioctl.c
Merge branch 'tty-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6
2011-01-07 14:39:20 -08:00
compat.c
compat: copy missing fields in compat_statfs64 to user
2011-01-17 04:54:38 -05:00
dcache.c
fs: fix new dcache.c kernel-doc warnings
2011-01-22 20:32:38 -08:00
dcookies.c
direct-io.c
fs/direct-io.c: don't try to allocate more than BIO_MAX_PAGES in a bio
2011-01-20 17:02:05 -08:00
drop_caches.c
simplify checks for I_CLEAR/I_FREEING
2010-08-09 16:47:44 -04:00
eventfd.c
llseek: automatically add .llseek fop
2010-10-15 15:53:27 +02:00
eventpoll.c
epoll: epoll_wait() should not use timespec_add_ns()
2011-02-02 16:03:18 -08:00
exec.c
vfs: sparse: add __FMODE_EXEC
2011-02-02 16:03:19 -08:00
fcntl.c
vfs: sparse: add __FMODE_EXEC
2011-02-02 16:03:19 -08:00
fifo.c
llseek: automatically add .llseek fop
2010-10-15 15:53:27 +02:00
file_table.c
CRED: Fix kernel panic upon security_file_alloc() failure.
2011-02-04 10:40:29 -08:00
file.c
vfs: use kmalloc() to allocate fdmem if possible
2010-08-11 08:59:02 -07:00
filesystems.c
fs: rcu-walk for path lookup
2011-01-07 17:50:27 +11:00
fs_struct.c
sanitize vfsmount refcounting changes
2011-01-16 13:47:07 -05:00
fs-writeback.c
fs/fs-writeback.c: fix sync_inodes_sb() return value kernel-doc
2011-01-13 17:32:48 -08:00
generic_acl.c
fs: provide simple rcu-walk generic_check_acl implementation
2011-01-07 17:50:29 +11:00
inode.c
fs: avoid inode RCU freeing for pseudo fs
2011-01-07 17:50:26 +11:00
internal.h
tidy up around finish_automount()
2011-01-17 01:47:59 -05:00
ioctl.c
fs: make block fiemap mapping length at least blocksize long
2011-02-02 16:03:20 -08:00
ioprio.c
ioprio: grab rcu_read_lock in sys_ioprio_{set,get}()
2010-11-15 10:23:31 +01:00
Kconfig
kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT
2011-01-20 17:02:05 -08:00
Kconfig.binfmt
coredump: default CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y
2010-10-27 18:03:12 -07:00
libfs.c
pass default dentry_operations to mount_pseudo()
2011-01-12 20:03:43 -05:00
locks.c
Merge branch 'for-2.6.38' of git://linux-nfs.org/~bfields/linux
2011-01-14 13:17:26 -08:00
Makefile
Merge 'staging-next' to Linus's tree
2010-10-28 09:44:56 -07:00
mbcache.c
ext2: Resolve 'dereferencing pointer to incomplete type' when enabling EXT2_XATTR_DEBUG
2011-01-10 19:04:08 +01:00
mpage.c
fs/mpage.c: consolidate code
2011-01-13 17:32:32 -08:00
namei.c
Fix possible filp_cachep memory corruption
2011-02-11 15:53:38 -08:00
namespace.c
tidy up around finish_automount()
2011-01-17 01:47:59 -05:00
nfsctl.c
no-block.c
llseek: automatically add .llseek fop
2010-10-15 15:53:27 +02:00
open.c
Fix possible filp_cachep memory corruption
2011-02-11 15:53:38 -08:00
pipe.c
Fix broken "pipe: use event aware wakeups" optimization
2011-01-20 16:21:59 -08:00
pnode.c
fs: scale mntget/mntput
2011-01-07 17:50:33 +11:00
pnode.h
posix_acl.c
NFS: Prevent memory allocation failure in nfsacl_encode()
2011-01-25 15:24:47 -05:00
read_write.c
fix signedness mess in rw_verify_area() on 64bit architectures
2011-01-12 20:06:58 -05:00
read_write.h
readdir.c
vfs: fix warning: 'dirent' is used uninitialized in this function
2010-08-09 20:45:05 -07:00
select.c
fs/select.c: fix information leak to userspace
2011-01-13 08:03:12 -08:00
seq_file.c
fs: take dcache_lock inside __d_path
2010-10-25 21:26:12 -04:00
signalfd.c
Merge branch 'hwpoison' of git://git.kernel.org/pub/scm/linux/kernel/git/ak/linux-mce-2.6
2010-10-26 10:13:10 -07:00
splice.c
Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block
2011-01-13 10:45:01 -08:00
stack.c
stat.c
Add an AT_NO_AUTOMOUNT flag to suppress terminal automount
2011-01-15 20:07:33 -05:00
statfs.c
add f_flags to struct statfs(64)
2010-08-09 16:48:44 -04:00
super.c
sanitize vfsmount refcounting changes
2011-01-16 13:47:07 -05:00
sync.c
get rid of file_fsync()
2010-08-09 16:47:43 -04:00
timerfd.c
llseek: automatically add .llseek fop
2010-10-15 15:53:27 +02:00
utimes.c
Mark arguments to certain syscalls as being const
2010-08-13 16:53:13 -07:00
xattr_acl.c
xattr.c