evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/fs/ocfs2
History
Pan Bian 466570dc30 ocfs2: fix potential use after free 
[ Upstream commit 164f7e586739d07eb56af6f6d66acebb11f315c8 ]

ocfs2_get_dentry() calls iput(inode) to drop the reference count of
inode, and if the reference count hits 0, inode is freed.  However, in
this function, it then reads inode->i_generation, which may result in a
use after free bug.  Move the put operation later.

Link: http://lkml.kernel.org/r/1543109237-110227-1-git-send-email-bianpan2016@163.com
Fixes: 781f200cb7a("ocfs2: Remove masklog ML_EXPORT.")
Signed-off-by: Pan Bian <bianpan2016@163.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Joseph Qi <jiangqi903@gmail.com>
Cc: Changwei Ge <ge.changwei@h3c.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2018-12-17 21:55:12 +01:00
..
cluster ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent 2018-07-22 14:25:52 +02:00
dlm ocfs2: fix locking for res->tracking and dlm->tracking_list 2018-10-10 08:52:13 +02:00
dlmfs VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
acl.c ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute 2018-05-30 07:48:55 +02:00
acl.h ocfs2: fix posix_acl_create deadlock 2016-05-18 17:06:44 -07:00
alloc.c ocfs2: fstrim: Fix start offset of first cluster group during fstrim 2017-11-08 10:06:28 +01:00
alloc.h
aops.c fs: add i_blocksize() 2017-06-14 13:16:24 +02:00
aops.h ocfs2: remove OCFS2_IOCB_SEM lock type in direct io 2015-06-24 17:49:39 -07:00
blockcheck.c
blockcheck.h
buffer_head_io.c ocfs2: fix ocfs2 read block panic 2018-09-29 03:08:53 -07:00
buffer_head_io.h
dcache.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
dcache.h
dir.c ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry 2018-11-21 09:27:42 +01:00
dir.h VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
dlmglue.c ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock 2017-10-21 17:09:05 +02:00
dlmglue.h ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock 2017-10-21 17:09:05 +02:00
export.c ocfs2: fix potential use after free 2018-12-17 21:55:12 +01:00
export.h
extent_map.c ocfs2: neaten do_error, ocfs2_error and ocfs2_abort 2015-09-04 16:54:41 -07:00
extent_map.h
file.c Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()" 2017-12-09 18:42:43 +01:00
file.h
heartbeat.c
heartbeat.h
inode.c ocfs2: neaten do_error, ocfs2_error and ocfs2_abort 2015-09-04 16:54:41 -07:00
inode.h ocfs2: only take lock if dio entry when recover orphans 2015-11-05 19:34:48 -08:00
ioctl.c ioctl_compat: handle FITRIM 2015-07-09 11:42:21 -07:00
ioctl.h
journal.c ocfs2: return error when we attempt to access a dirty bh in jbd2 2018-05-30 07:48:55 +02:00
journal.h
Kconfig
localalloc.c ocfs2: neaten do_error, ocfs2_error and ocfs2_abort 2015-09-04 16:54:41 -07:00
localalloc.h
locks.c ocfs2: fix flock panic issue 2015-12-29 17:45:49 -08:00
locks.h
Makefile
mmap.c
mmap.h
move_extents.c ocfs2: fix deadlock caused by ocfs2_defrag_extent() 2018-12-17 21:55:12 +01:00
move_extents.h
namei.c ocfs2: fix posix_acl_create deadlock 2016-05-18 17:06:44 -07:00
namei.h ocfs2: do not include dio entry in case of orphan scan 2015-11-05 19:34:48 -08:00
ocfs1_fs_compat.h
ocfs2.h ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock 2017-10-21 17:09:05 +02:00
ocfs2_fs.h treewide: fix typos in comment blocks 2015-08-07 14:46:24 +02:00
ocfs2_ioctl.h
ocfs2_lockid.h
ocfs2_lockingver.h
ocfs2_trace.h
quota.h
quota_global.c
quota_local.c ocfs2: neaten do_error, ocfs2_error and ocfs2_abort 2015-09-04 16:54:41 -07:00
refcounttree.c ocfs2: fix posix_acl_create deadlock 2016-05-18 17:06:44 -07:00
refcounttree.h
reservations.c
reservations.h
resize.c ocfs2: fix BUG when calculate new backup super 2015-12-29 17:45:49 -08:00
resize.h
slot_map.c ocfs2: one function call less in ocfs2_init_slot_info() after error detection 2015-04-14 16:48:57 -07:00
slot_map.h
stack_o2cb.c ocfs2: avoid a pointless delay in o2cb_cluster_check() 2015-04-14 16:48:57 -07:00
stack_user.c char: make misc_deregister a void function 2015-08-05 10:35:49 -07:00
stackglue.c ocfs2: fix crash caused by stale lvb with fsdlm plugin 2017-01-19 20:17:19 +01:00
stackglue.h ocfs2: fix crash caused by stale lvb with fsdlm plugin 2017-01-19 20:17:19 +01:00
suballoc.c ocfs2: improve performance for localalloc 2015-11-05 19:34:48 -08:00
suballoc.h
super.c ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid 2018-05-30 07:48:55 +02:00
super.h ocfs2: neaten do_error, ocfs2_error and ocfs2_abort 2015-09-04 16:54:41 -07:00
symlink.c
symlink.h
sysfile.c
sysfile.h
uptodate.c
uptodate.h
xattr.c ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute 2018-05-30 07:48:55 +02:00
xattr.h ocfs2: fix posix_acl_create deadlock 2016-05-18 17:06:44 -07:00