linux/fs/notify
Jan Kara 5838d4442b fanotify: fix double free of pending permission events
Commit 8581679424 ("fanotify: Fix use after free for permission
events") introduced a double free issue for permission events which are
pending in group's notification queue while group is being destroyed.
These events are freed from fanotify_handle_event() but they are not
removed from group's notification queue and thus they get freed again
from fsnotify_flush_notify().

Fix the problem by removing permission events from notification queue
before freeing them if we skip processing access response.  Also expand
comments in fanotify_release() to explain group shutdown in detail.

Fixes: 8581679424
Signed-off-by: Jan Kara <jack@suse.cz>
Reported-by: Douglas Leeder <douglas.leeder@sophos.com>
Tested-by: Douglas Leeder <douglas.leeder@sophos.com>
Reported-by: Heinrich Schuchard <xypron.glpk@gmx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-06 18:01:12 -07:00
dnotify inotify: Fix reporting of cookies for inotify events 2014-02-18 11:17:17 +01:00
fanotify fanotify: fix double free of pending permission events 2014-08-06 18:01:12 -07:00
inotify fsnotify: rename event handling functions 2014-08-06 18:01:12 -07:00
fdinfo.c Merge branch 'for-next' of git://git.infradead.org/users/eparis/notify 2012-12-20 20:11:52 -08:00
fdinfo.h fs, notify: add procfs fdinfo helper 2012-12-17 17:15:28 -08:00
fsnotify.c inotify: Fix reporting of cookies for inotify events 2014-02-18 11:17:17 +01:00
fsnotify.h fsnotify: remove global fsnotify groups lists 2010-07-28 10:18:54 -04:00
group.c fsnotify: Allocate overflow events with proper type 2014-02-25 11:18:06 +01:00
inode_mark.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
Kconfig fanotify: allow fanotify to be built 2010-10-28 17:22:13 -04:00
Makefile fs, notify: add procfs fdinfo helper 2012-12-17 17:15:28 -08:00
mark.c fs/notify/mark.c: trivial cleanup 2014-06-04 16:53:52 -07:00
notification.c fanotify: fix double free of pending permission events 2014-08-06 18:01:12 -07:00
vfsmount_mark.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00