leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7cabc61e01
linux/fs/fuse
History
Robert Doebbelin 7cabc61e01 fuse: do not use iocb after it may have been freed 
There's a race in fuse_direct_IO(), whereby is_sync_kiocb() is called on an
iocb that could have been freed if async io has already completed.  The fix
in this case is simple and obvious: cache the result before starting io.

It was discovered by KASan:

kernel: ==================================================================
kernel: BUG: KASan: use after free in fuse_direct_IO+0xb1a/0xcc0 at addr ffff88036c414390

Signed-off-by: Robert Doebbelin <robert@quobyte.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: bcba24ccdc ("fuse: enable asynchronous processing direct IO")
Cc: <stable@vger.kernel.org> # 3.10+
2016-03-14 15:02:50 +01:00
..
control.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
cuse.c cuse: fix memory leak 2015-11-10 10:32:36 +01:00
dev.c fs/fuse: fix ioctl type confusion 2015-08-16 12:35:44 -07:00
dir.c wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
file.c fuse: do not use iocb after it may have been freed 2016-03-14 15:02:50 +01:00
fuse_i.h fuse: add support for SEEK_HOLE and SEEK_DATA in lseek 2015-11-10 10:32:37 +01:00
inode.c kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
Kconfig fuse: Move CUSE Kconfig entry from fs/Kconfig into fs/fuse/Kconfig 2013-01-17 13:08:45 +01:00
Makefile CUSE: implement CUSE - Character device in Userspace 2009-06-09 11:24:11 +02:00