Miklos Szeredi 1b47891c58 fuse: fix page dereference after free ...

commit d78092e4937de9ce55edcb4ee4c5e3c707be0190 upstream.

After unlock_request() pages from the ap->pages[] array may be put (e.g. by
aborting the connection) and the pages can be freed.

Prevent use after free by grabbing a reference to the page before calling
unlock_request().

The original patch was created by Pradeep P V K.

Reported-by: Pradeep P V K <ppvk@codeaurora.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2020-11-10 10:23:51 +01:00

..

acl.c

fuse: Add posix ACL support

2016-10-01 07:32:32 +02:00

control.c

fuse: use READ_ONCE on congestion_threshold and max_background

2019-11-25 09:53:08 +01:00

cuse.c

fuse: fix memleak in cuse_channel_open

2019-10-17 13:42:12 -07:00

dev.c

fuse: fix page dereference after free

2020-11-10 10:23:51 +01:00

dir.c

fuse: verify attributes

2019-12-21 10:41:30 +01:00

file.c

fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS

2020-07-22 09:10:53 +02:00

fuse_i.h

fuse: verify attributes

2019-12-21 10:41:30 +01:00

inode.c

fuse: Fix oops at process_init_reply()

2018-09-05 09:20:08 +02:00

Kconfig

fuse: Add posix ACL support

2016-10-01 07:32:32 +02:00

Makefile

fuse: Use generic xattr ops

2016-10-01 07:32:32 +02:00

xattr.c

fuse: limit xattr returned size

2016-10-03 11:06:05 +02:00