bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-05 23:05:25 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
31ad74b20227ce6b40910ff78b1c604e42975cf1
linux/fs
History
Zizhi Wo 31ad74b202 cachefiles: Fix NULL pointer dereference in object->file 
At present, the object->file has the NULL pointer dereference problem in
ondemand-mode. The root cause is that the allocated fd and object->file
lifetime are inconsistent, and the user-space invocation to anon_fd uses
object->file. Following is the process that triggers the issue:

	  [write fd]				[umount]
cachefiles_ondemand_fd_write_iter
				       fscache_cookie_state_machine
					 cachefiles_withdraw_cookie
  if (!file) return -ENOBUFS
					   cachefiles_clean_up_object
					     cachefiles_unmark_inode_in_use
					     fput(object->file)
					     object->file = NULL
  // file NULL pointer dereference!
  __cachefiles_write(..., file, ...)

Fix this issue by add an additional reference count to the object->file
before write/llseek, and decrement after it finished.

Fixes: c838305450 ("cachefiles: notify the user daemon when looking up cookie")
Signed-off-by: Zizhi Wo <wozizhi@huawei.com>
Link: https://lore.kernel.org/r/20241107110649.3980193-5-wozizhi@huawei.com
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
2024-11-11 14:39:38 +01:00
..
9p
netfs: Speed up buffered reading
2024-09-12 12:20:41 +02:00
adfs
fs: Convert aops->write_begin to take a folio
2024-08-07 11:33:21 +02:00
affs
Merge tag 'affs-for-6.12-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
2024-09-16 13:07:59 +02:00
afs
afs: Fix the setting of the server responding flag
2024-09-27 18:29:20 +02:00
autofs
autofs: add per dentry expire timeout
2024-08-30 08:22:36 +02:00
bcachefs
Merge tag 'bcachefs-2024-09-28' of git://evilpiepirate.org/bcachefs
2024-09-29 09:17:44 -07:00
befs
befs: Convert befs_symlink_read_folio() to use folio_end_read()
2024-05-31 12:31:39 +02:00
bfs
fs: Convert aops->write_begin to take a folio
2024-08-07 11:33:21 +02:00
btrfs
Merge tag 'for-6.12-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
2024-09-23 11:49:02 -07:00
cachefiles
cachefiles: Fix NULL pointer dereference in object->file
2024-11-11 14:39:38 +01:00
ceph
Merge tag 'ceph-for-6.12-rc1' of https://github.com/ceph/ceph-client
2024-09-28 08:40:36 -07:00
coda
coda: use param->file for FSCONFIG_SET_FD
2024-08-19 13:45:03 +02:00
configfs
fs/configfs: Add a callback to determine attribute visibility
2024-06-17 20:42:57 +02:00
cramfs
Merge tag 'vfs-6.11.module.description' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2024-07-15 11:14:59 -07:00
crypto
Merge tag 'mm-stable-2024-05-17-19-19' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2024-05-19 09:21:03 -07:00
debugfs
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
devpts
dlm
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
ecryptfs
fs: Convert aops->write_begin to take a folio
2024-08-07 11:33:21 +02:00
efivarfs
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
efs
Merge tag 'vfs-6.11.module.description' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2024-07-15 11:14:59 -07:00
erofs
erofs: reject inodes with negative i_size
2024-09-12 23:00:09 +08:00
exfat
exfat: resolve memory leak from exfat_create_upcase_table()
2024-09-23 21:38:13 +09:00
exportfs
fhandle: relax open_by_handle_at() permission checks
2024-05-28 15:57:23 +02:00
ext2
Merge tag 'vfs-6.12.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2024-09-16 09:14:02 +02:00
ext4
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
f2fs
Merge tag 'f2fs-for-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
2024-09-24 15:12:38 -07:00
fat
fs: Convert aops->write_begin to take a folio
2024-08-07 11:33:21 +02:00
freevxfs
freevxfs: Convert freevxfs to the new mount API.
2024-03-26 09:04:53 +01:00
fuse
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
gfs2
Merge tag 'gfs2-v6.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2
2024-09-23 11:55:17 -07:00
hfs
fs: Convert aops->write_begin to take a folio
2024-08-07 11:33:21 +02:00
hfsplus
fs: Convert aops->write_begin to take a folio
2024-08-07 11:33:21 +02:00
hostfs
fs: Convert aops->write_begin to take a folio
2024-08-07 11:33:21 +02:00
hpfs
fs: Convert aops->write_begin to take a folio
2024-08-07 11:33:21 +02:00
hugetlbfs
fs: Convert aops->write_begin to take a folio
2024-08-07 11:33:21 +02:00
iomap
Merge tag 'vfs-6.12.blocksize' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs
2024-09-20 17:53:17 -07:00
isofs
isofs: Annotate struct SL_component with __counted_by()
2024-09-02 15:52:56 +02:00
jbd2
jbd2: remove unneeded check of ret in jbd2_fc_get_buf
2024-08-26 23:49:15 -04:00
jffs2
jffs2: Use a folio in jffs2_garbage_collect_dnode()
2024-08-19 13:40:00 +02:00
jfs
Merge tag 'jfs-6.12' of github.com:kleikamp/linux-shaggy
2024-09-19 06:38:43 +02:00
kernfs
kernfs: mount: Remove unnecessary ‘NULL’ values from knparent
2024-05-04 19:02:39 +02:00
lockd
sunrpc: allow svc threads to fail initialisation cleanly
2024-09-20 19:31:03 -04:00
minix
buffer: Convert __block_write_begin() to take a folio
2024-08-07 11:33:36 +02:00
netfs
Merge patch series "Random netfs folio fixes"
2024-10-07 13:45:29 +02:00
nfs
Merge tag 'nfs-for-6.12-1' of git://git.linux-nfs.org/projects/anna/linux-nfs
2024-09-24 15:44:18 -07:00
nfs_common
nfs: add LOCALIO support
2024-09-23 15:03:30 -04:00
nfsd
nfsd: implement server support for NFS_LOCALIO_PROGRAM
2024-09-23 15:03:30 -04:00
nilfs2
Merge tag 'mm-nonmm-stable-2024-09-21-07-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2024-09-21 08:20:50 -07:00
nls
fs: nls: add missing MODULE_DESCRIPTION() macros
2024-06-03 16:37:07 +02:00
notify
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
ntfs3
fs: Convert aops->write_begin to take a folio
2024-08-07 11:33:21 +02:00
ocfs2
ocfs2: fix uninit-value in ocfs2_get_block()
2024-09-26 14:01:45 -07:00
omfs
fs: Convert aops->write_begin to take a folio
2024-08-07 11:33:21 +02:00
openpromfs
openpromfs: add missing MODULE_DESCRIPTION() macro
2024-06-20 09:46:01 +02:00
orangefs
Merge tag 'for-linux-6.12-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux
2024-09-20 19:34:00 -07:00
overlayfs
ovl: fix file leak in ovl_real_fdget_meta()
2024-09-27 12:38:47 -07:00
proc
Merge tag 'sysctl-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl
2024-09-24 11:08:40 -07:00
pstore
Merge tag 'drm-next-2024-09-19' of https://gitlab.freedesktop.org/drm/kernel
2024-09-19 10:18:15 +02:00
qnx4
qnx4: add MODULE_DESCRIPTION()
2024-05-28 11:52:53 +02:00
qnx6
qnx6: Convert directory handling to use kmap_local
2024-08-07 11:31:56 +02:00
quota
Merge tag 'fs_for_v6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2024-09-23 10:49:28 -07:00
ramfs
mm: switch mm->get_unmapped_area() to a flag
2024-04-25 20:56:25 -07:00
reiserfs
buffer: Convert __block_write_begin() to take a folio
2024-08-07 11:33:36 +02:00
romfs
romfs: fix romfs_read_folio()
2024-08-21 22:32:58 +02:00
smb
Merge tag 'v6.12-rc-ksmbd-server-fixes' of git://git.samba.org/ksmbd
2024-09-28 08:35:21 -07:00
squashfs
Merge tag 'mm-nonmm-stable-2024-09-21-07-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2024-09-21 08:20:50 -07:00
sysfs
Merge 6.9-rc5 into driver-core-next
2024-04-23 13:27:43 +02:00
sysv
buffer: Convert __block_write_begin() to take a folio
2024-08-07 11:33:36 +02:00
tests
execve: Move KUnit tests to tests/ subdirectory
2024-07-22 18:25:47 -07:00
tracefs
eventfs: Use list_del_rcu() for SRCU protected list variable
2024-09-05 10:18:48 -04:00
ubifs
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
udf
Merge tag 'vfs-6.12.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2024-09-16 09:14:02 +02:00
ufs
Merge tag 'vfs-6.12.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2024-09-16 09:14:02 +02:00
unicode
unicode: add MODULE_DESCRIPTION() macros
2024-06-20 19:30:02 -04:00
vboxsf
fs: Convert aops->write_end to take a folio
2024-08-07 11:32:02 +02:00
verity
fsverity: expose verified fsverity built-in signatures to LSMs
2024-08-20 14:03:18 -04:00
xfs
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
zonefs
iomap: add a private argument for iomap_file_buffered_write
2024-09-03 15:01:23 +02:00
aio.c
fs/aio: Fix __percpu annotation of *cpu pointer in struct kioctx
2024-08-19 13:45:03 +02:00
anon_inodes.c
fs: Create anon_inode_getfile_fmode()
2024-04-26 10:33:05 +02:00
attr.c
Merge tag 'nfsd-6.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux
2024-08-29 06:20:44 +12:00
backing-file.c
backing-file: convert to using fops->splice_write
2024-08-23 13:08:31 +02:00
bad_inode.c
binfmt_elf_fdpic.c
binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined
2024-08-26 13:00:38 -07:00
binfmt_elf.c
Revert "binfmt_elf, coredump: Log the reason of the failed core dumps"
2024-09-26 11:39:02 -07:00
binfmt_flat.c
binfmt_flat: Fix corruption when not offsetting data start
2024-08-09 20:19:00 -07:00
binfmt_misc.c
Merge tag 'vfs-6.11.module.description' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2024-07-15 11:14:59 -07:00
binfmt_script.c
fs: binfmt: add missing MODULE_DESCRIPTION() macros
2024-05-28 12:06:51 +02:00
bpf_fs_kfuncs.c
bpf: Add kfunc bpf_get_dentry_xattr() to read xattr from dentry
2024-08-07 11:26:54 -07:00
buffer.c
Merge tag 'vfs-6.12.folio' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs
2024-09-16 08:54:30 +02:00
char_dev.c
compat_binfmt_elf.c
coredump.c
Revert "binfmt_elf, coredump: Log the reason of the failed core dumps"
2024-09-26 11:39:02 -07:00
d_path.c
dax.c
dax: use huge_zero_folio
2024-04-25 20:56:20 -07:00
dcache.c
Merge tag 'vfs-6.12.misc' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs
2024-09-16 08:35:09 +02:00
direct-io.c
fs/direct-io: Remove linux/prefetch.h include
2024-08-19 13:45:02 +02:00
drop_caches.c
sysctl: treewide: constify the ctl_table argument of proc_handlers
2024-07-24 20:59:29 +02:00
eventfd.c
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00
eventpoll.c
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
exec.c
Merge tag 'mm-stable-2024-09-20-02-31' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2024-09-21 07:29:05 -07:00
fcntl.c
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
fhandle.c
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
file_table.c
Merge tag 'slab-for-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab
2024-09-18 08:53:53 +02:00
file.c
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
filesystems.c
fs_context.c
fs_parser.c
fs_parse: add uid & gid option option parsing helpers
2024-07-02 06:20:49 +02:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
inode: port __I_SYNC to var event
2024-08-30 08:22:39 +02:00
fsopen.c
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
init.c
inode.c
Merge tag 'bcachefs-2024-09-21' of git://evilpiepirate.org/bcachefs
2024-09-23 10:05:41 -07:00
internal.h
file: reclaim 24 bytes from f_owner
2024-08-28 13:05:39 +02:00
ioctl.c
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00
Kconfig
Merge tag 'nfs-for-6.12-1' of git://git.linux-nfs.org/projects/anna/linux-nfs
2024-09-24 15:44:18 -07:00
Kconfig.binfmt
exec: Add KUnit test for bprm_stack_limits()
2024-06-19 13:13:55 -07:00
kernel_read_file.c
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00
libfs.c
Merge tag 'vfs-6.12.folio' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs
2024-09-16 08:54:30 +02:00
locks.c
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
Makefile
bpf: introduce new VFS based BPF kfuncs
2024-08-06 09:01:41 -07:00
mbcache.c
vfs: remove SLAB_MEM_SPREAD flag usage
2024-02-27 11:21:31 +01:00
mnt_idmapping.c
Merge tag 'fuse-update-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
2024-09-24 15:29:42 -07:00
mount.h
Merge tag 'vfs-6.12.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2024-09-16 11:15:26 +02:00
mpage.c
buffer: Remove calls to set and clear the folio error flag
2024-05-31 12:31:43 +02:00
namei.c
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
namespace.c
Merge tag 'fuse-update-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
2024-09-24 15:29:42 -07:00
nsfs.c
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
open.c
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
pidfs.c
pidfs: check for valid pid namespace
2024-09-27 18:29:19 +02:00
pipe.c
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
pnode.c
pnode.h
posix_acl.c
fs: Use in_group_or_capable() helper to simplify the code
2024-08-30 08:22:37 +02:00
proc_namespace.c
fs: rename show_mnt_opts -> show_vfsmnt_opts
2024-06-28 14:36:43 +02:00
read_write.c
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
readdir.c
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00
remap_range.c
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00
select.c
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
seq_file.c
seq_file: Simplify __seq_puts()
2024-05-02 16:28:20 +02:00
signalfd.c
Merge tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2024-09-23 09:35:36 -07:00
splice.c
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00
stack.c
stat.c
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00
statfs.c
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00
super.c
Merge tag 'vfs-6.12.misc' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs
2024-09-16 08:35:09 +02:00
sync.c
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00
sysctls.c
timerfd.c
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00
userfaultfd.c
mm/hugetlb: remove hugetlb_follow_page_mask() leftover
2024-09-01 20:25:57 -07:00
utimes.c
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00
xattr.c
introduce fd_file(), convert all accessors to it.
2024-08-12 22:00:43 -04:00