linux_dsm_epyc7002/fs/fuse
Lukas Czerner ebacb81273 fuse: fix use-after-free in fuse_direct_IO()
In async IO blocking case the additional reference to the io is taken for
it to survive fuse_aio_complete(). In non blocking case this additional
reference is not needed, however we still reference io to figure out
whether to wait for completion or not. This is wrong and will lead to
use-after-free. Fix it by storing blocking information in separate
variable.

This was spotted by KASAN when running generic/208 fstest.

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reported-by: Zorro Lang <zlang@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 744742d692 ("fuse: Add reference counting for fuse_io_priv")
Cc: <stable@vger.kernel.org> # v4.6
2018-11-09 15:52:17 +01:00
..
acl.c
control.c fuse: introduce fc->bg_lock 2018-09-28 16:43:22 +02:00
cuse.c
dev.c fuse: fix possibly missed wake-up after abort 2018-11-09 15:52:16 +01:00
dir.c fuse: enable caching of symlinks 2018-10-15 15:43:07 +02:00
file.c fuse: fix use-after-free in fuse_direct_IO() 2018-11-09 15:52:17 +01:00
fuse_i.h fuse: enable caching of symlinks 2018-10-15 15:43:07 +02:00
inode.c fuse: enable caching of symlinks 2018-10-15 15:43:07 +02:00
Kconfig
Makefile fuse: split out readdir.c 2018-09-28 16:43:23 +02:00
readdir.c fuse: use iversion for readdir cache verification 2018-10-01 10:07:05 +02:00
xattr.c