android_kernel_oneplus_msm8998/fs/fscache
Eric Biggers aa3a0a70bd FS-Cache: fix dereference of NULL user_key_payload
commit d124b2c53c7bee6569d2a2d0b18b4a1afde00134 upstream.

When the file /proc/fs/fscache/objects (available with
CONFIG_FSCACHE_OBJECT_LIST=y) is opened, we request a user key with
description "fscache:objlist", then access its payload.  However, a
revoked key has a NULL payload, and we failed to check for this.
request_key() *does* skip revoked keys, but there is still a window
where the key can be revoked before we access its payload.

Fix it by checking for a NULL payload, treating it like a key which was
already revoked at the time it was requested.

Fixes: 4fbf4291aa ("FS-Cache: Allow the current state of all objects to be dumped")
Reviewed-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-10-27 10:23:18 +02:00
cache.c fs/fscache: convert printk to pr_foo() 2014-06-04 16:53:51 -07:00
cookie.c fscache: Clear outstanding writes when disabling a cookie 2017-06-17 06:39:37 +02:00
fsdef.c FS-Cache: Provide the ability to enable/disable cookies 2013-09-27 18:40:25 +01:00
histogram.c fs/fscache: replace seq_printf by seq_puts 2014-06-04 16:53:52 -07:00
internal.h FS-Cache: The operation cancellation method needs calling in more places 2015-04-02 14:28:53 +01:00
Kconfig fscache: drop references to slow-work 2010-07-22 22:58:58 +02:00
main.c fs/fscache: make ctl_table static 2014-08-06 18:01:12 -07:00
Makefile
netfs.c FS-Cache: Initialise stores_lock in netfs cookie 2017-06-17 06:39:37 +02:00
object-list.c FS-Cache: fix dereference of NULL user_key_payload 2017-10-27 10:23:18 +02:00
object.c fscache: Clear outstanding writes when disabling a cookie 2017-06-17 06:39:37 +02:00
operation.c FS-Cache: Retain the netfs context in the retrieval op earlier 2015-04-02 14:28:53 +01:00
page.c FS-Cache: Handle a write to the page immediately beyond the EOF marker 2015-11-11 02:11:02 -05:00
proc.c
stats.c FS-Cache: Count the number of initialised operations 2015-04-02 14:28:53 +01:00