Miklos Szeredi 6ef8232790 fuse: fix page dereference after free ...

commit d78092e4937de9ce55edcb4ee4c5e3c707be0190 upstream.

After unlock_request() pages from the ap->pages[] array may be put (e.g. by
aborting the connection) and the pages can be freed.

Prevent use after free by grabbing a reference to the page before calling
unlock_request().

The original patch was created by Pradeep P V K.

Reported-by: Pradeep P V K <ppvk@codeaurora.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2020-11-05 11:08:34 +01:00

..

acl.c

fuse: Support fuse filesystems outside of init_user_ns

2018-03-20 17:11:44 +01:00

control.c

fuse: use READ_ONCE on congestion_threshold and max_background

2019-11-20 18:47:53 +01:00

cuse.c

fuse: fix memleak in cuse_channel_open

2019-10-11 18:21:20 +02:00

dev.c

fuse: fix page dereference after free

2020-11-05 11:08:34 +01:00

dir.c

fuse: verify attributes

2019-12-13 08:52:36 +01:00

file.c

fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS

2020-07-22 09:32:10 +02:00

fuse_i.h

fuse: verify attributes

2019-12-13 08:52:36 +01:00

inode.c

fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock

2019-10-05 13:10:13 +02:00

Kconfig

fuse: Add posix ACL support

2016-10-01 07:32:32 +02:00

Makefile

fuse: Use generic xattr ops

2016-10-01 07:32:32 +02:00

xattr.c

fuse: Ensure posix acls are translated outside of init_user_ns

2018-05-31 12:26:10 +02:00