linux/fs/notify
Sasha Levin 105d1b4253 fsnotify: don't put user context if it was never assigned
On some failure paths we may attempt to free user context even if it
wasn't assigned yet.  This will cause a NULL ptr deref and a kernel BUG.

The path I was looking at is in inotify_new_group():

        oevent = kmalloc(sizeof(struct inotify_event_info), GFP_KERNEL);
        if (unlikely(!oevent)) {
                fsnotify_destroy_group(group);
                return ERR_PTR(-ENOMEM);
        }

fsnotify_destroy_group() would get called here, but
group->inotify_data.user is only getting assigned later:

	group->inotify_data.user = get_current_user();

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: John McCutchan <john@johnmccutchan.com>
Cc: Robert Love <rlove@rlove.org>
Cc: Eric Paris <eparis@parisplace.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-10-09 22:25:45 -04:00
..
dnotify inotify: Fix reporting of cookies for inotify events 2014-02-18 11:17:17 +01:00
fanotify fanotify: fix double free of pending permission events 2014-08-06 18:01:12 -07:00
inotify fsnotify: don't put user context if it was never assigned 2014-10-09 22:25:45 -04:00
fdinfo.c fs/notify: don't show f_handle if exportfs_encode_inode_fh failed 2014-09-10 15:42:12 -07:00
fdinfo.h fs, notify: add procfs fdinfo helper 2012-12-17 17:15:28 -08:00
fsnotify.c inotify: Fix reporting of cookies for inotify events 2014-02-18 11:17:17 +01:00
fsnotify.h fs/notify/group.c: make fsnotify_final_destroy_group() static 2014-10-09 22:25:45 -04:00
group.c fs/notify/group.c: make fsnotify_final_destroy_group() static 2014-10-09 22:25:45 -04:00
inode_mark.c list: fix order of arguments for hlist_add_after(_rcu) 2014-08-06 18:01:24 -07:00
Kconfig fanotify: allow fanotify to be built 2010-10-28 17:22:13 -04:00
Makefile fs, notify: add procfs fdinfo helper 2012-12-17 17:15:28 -08:00
mark.c fs/notify/mark.c: trivial cleanup 2014-06-04 16:53:52 -07:00
notification.c fanotify: fix double free of pending permission events 2014-08-06 18:01:12 -07:00
vfsmount_mark.c list: fix order of arguments for hlist_add_after(_rcu) 2014-08-06 18:01:24 -07:00