iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d0de4dc584
linux/fs
History
Eric Paris d0de4dc584 inotify: fix double free/corruption of stuct user 
On an error path in inotify_init1 a normal user can trigger a double
free of struct user.  This is a regression introduced by a2ae4cc9a1
("inotify: stop kernel memory leak on file creation failure").

We fix this by making sure that if a group exists the user reference is
dropped when the group is cleaned up.  We should not explictly drop the
reference on error and also drop the reference when the group is cleaned
up.

The new lifetime rules are that an inotify group lives from
inotify_new_group to the last fsnotify_put_group.  Since the struct user
and inotify_devs are directly tied to this lifetime they are only
changed/updated in those two locations.  We get rid of all special
casing of struct user or user->inotify_devs.

Signed-off-by: Eric Paris <eparis@redhat.com>
Cc: stable@kernel.org (2.6.37 and up)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-04-05 15:27:14 -07:00
..
9p userns: rename is_owner_or_cap to inode_owner_or_capable 2011-03-23 19:47:13 -07:00
adfs Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
affs Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
afs afs: Fix oops in afs_unlink_writeback 2011-02-25 11:12:37 -08:00
autofs4 autofs4: Do not potentially dereference NULL pointer returned by fget() in autofs_dev_ioctl_setpipefd() 2011-03-24 14:54:35 -04:00
befs block: remove per-queue plugging 2011-03-10 08:52:07 +01:00
bfs Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
btrfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2011-04-05 12:29:25 -07:00
cachefiles
ceph Merge git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2011-03-30 09:46:09 -07:00
cifs block: remove per-queue plugging 2011-03-10 08:52:07 +01:00
coda codafs: fix build break when CONFIG_PROC_SYSCTL=n 2011-03-25 17:45:16 -07:00
configfs
cramfs
debugfs debugfs: Fix filesystem reference counting on debugfs_remove() failure 2011-02-18 08:07:18 -08:00
devpts fs/devpts/inode.c: correctly check d_alloc_name() return code in devpts_pty_new() 2011-03-22 17:44:17 -07:00
dlm dlm: use alloc_workqueue function 2011-03-10 13:22:34 -06:00
ecryptfs eCryptfs: write lock requested keys 2011-03-28 01:49:43 -05:00
efs block: remove per-queue plugging 2011-03-10 08:52:07 +01:00
exofs Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
exportfs vfs: Add open by file handle support 2011-03-15 02:21:44 -04:00
ext2 Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
ext3 Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
ext4 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 2011-03-25 09:57:41 -07:00
fat Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
freevxfs block: remove per-queue plugging 2011-03-10 08:52:07 +01:00
fscache
fuse Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
gfs2 Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
hfs Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
hfsplus Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
hostfs
hpfs Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
hppfs
hugetlbfs mm: hugetlbfs: change remove_from_page_cache 2011-03-22 17:44:02 -07:00
isofs Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
jbd Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
jbd2 Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
jffs2 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 into for-linus-1 2011-03-25 17:41:20 +02:00
jfs Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
lockd
logfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-03-24 19:01:30 -07:00
minix Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
ncpfs fs: change to new flag variable 2011-03-17 14:02:57 +01:00
nfs fs: don't use igrab() while holding i_lock 2011-03-29 07:50:34 -07:00
nfs_common Remove pointless memset in nfsacl_encode() 2011-03-22 20:03:52 -04:00
nfsd Merge branch 'for-2.6.39' of git://linux-nfs.org/~bfields/linux 2011-03-24 08:20:39 -07:00
nilfs2 nilfs2: fix whitespace coding style issues 2011-03-30 17:39:54 +09:00
nls
notify inotify: fix double free/corruption of stuct user 2011-04-05 15:27:14 -07:00
ntfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-03-24 19:01:30 -07:00
ocfs2 Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2 2011-03-28 13:03:31 -07:00
omfs Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
openpromfs
partitions Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
proc proc: fix oops on invalid /proc/<pid>/maps access 2011-03-27 19:09:29 -07:00
pstore pstore: cleanups to pstore_dump() 2011-03-22 16:01:49 -07:00
qnx4 block: remove per-queue plugging 2011-03-10 08:52:07 +01:00
quota fs: move i_sb_list out from under inode_lock 2011-03-24 21:16:32 -04:00
ramfs
reiserfs Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
romfs
squashfs Squashfs: Use vmalloc rather than kmalloc for zlib workspace 2011-03-22 23:01:26 +00:00
sysfs
sysv Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
ubifs Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
udf Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
ufs Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
xfs Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs 2011-03-28 15:51:02 -07:00
aio.c Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
anon_inodes.c
attr.c userns: rename is_owner_or_cap to inode_owner_or_capable 2011-03-23 19:47:13 -07:00
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-03-23 20:51:42 -07:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c block: Require subsystems to explicitly allocate bio_set integrity mempool 2011-03-17 11:11:05 +01:00
bio.c Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
block_dev.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-03-24 19:01:30 -07:00
buffer.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-03-24 19:01:30 -07:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
compat.c select: remove unused MAX_SELECT_SECONDS 2011-03-21 00:16:08 -04:00
dcache.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-03-18 10:51:11 -07:00
dcookies.c
direct-io.c Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
drop_caches.c fs: move i_sb_list out from under inode_lock 2011-03-24 21:16:32 -04:00
eventfd.c Docbook: add fs/eventfd.c and fix typos in it 2011-02-21 15:07:04 -08:00
eventpoll.c epoll: fix compiler warning and optimize the non-blocking path 2011-03-22 17:44:15 -07:00
exec.c Small typo fix... 2011-03-21 00:16:09 -04:00
fcntl.c userns: rename is_owner_or_cap to inode_owner_or_capable 2011-03-23 19:47:13 -07:00
fhandle.c vfs: Add open by file handle support 2011-03-15 02:21:44 -04:00
fifo.c Filesystem: fifo: Fixed coding style issue. 2011-03-21 00:16:09 -04:00
file_table.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-03-16 13:26:17 -07:00
file.c
filesystems.c
fs_struct.c
fs-writeback.c fs: pull inode->i_lock up out of writeback_single_inode 2011-03-24 21:17:51 -04:00
generic_acl.c userns: rename is_owner_or_cap to inode_owner_or_capable 2011-03-23 19:47:13 -07:00
inode.c fs: fix inode.c kernel-doc warning 2011-03-27 19:30:19 -07:00
internal.h fs: move i_wb_list out from under inode_lock 2011-03-24 21:17:51 -04:00
ioctl.c vfs: cleanup do_vfs_ioctl() 2011-03-21 00:16:08 -04:00
ioprio.c
Kconfig Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6 2011-03-16 19:01:29 -07:00
Kconfig.binfmt
libfs.c
locks.c Merge branch 'for-2.6.39' of git://linux-nfs.org/~bfields/linux 2011-03-24 08:20:39 -07:00
Makefile Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6 2011-03-16 19:01:29 -07:00
mbcache.c
mpage.c fs: make mpage read/write_pages() plug 2011-03-10 08:52:26 +01:00
namei.c vfs - check non-mountpoint dentry might block in __follow_mount_rcu() 2011-03-24 14:24:32 -04:00
namespace.c fs: use appropriate printk priority levels 2011-03-22 17:44:10 -07:00
nfsctl.c open-style analog of vfs_path_lookup() 2011-03-14 09:15:28 -04:00
no-block.c
open.c fs: Use BUG_ON(!mnt) at dentry_open(). 2011-03-21 01:10:41 -04:00
pipe.c
pnode.c
pnode.h
posix_acl.c
read_write.c
read_write.h
readdir.c
select.c select: remove unused MAX_SELECT_SECONDS 2011-03-21 00:16:08 -04:00
seq_file.c
signalfd.c
splice.c
stack.c
stat.c readlinkat(), fchownat() and fstatat() with empty relative pathnames 2011-03-15 02:21:45 -04:00
statfs.c clean statfs-like syscalls up 2011-03-14 09:15:28 -04:00
super.c Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
sync.c Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
timerfd.c
utimes.c userns: rename is_owner_or_cap to inode_owner_or_capable 2011-03-23 19:47:13 -07:00
xattr_acl.c
xattr.c userns: rename is_owner_or_cap to inode_owner_or_capable 2011-03-23 19:47:13 -07:00