Jan Kara 5716863e0f fsnotify: Fix possible use-after-free in inode iteration on umount ... fsnotify_unmount_inodes() plays complex tricks to pin next inode in the sb->s_inodes list when iterating over all inodes. Furthermore the code has a bug that if the current inode is the last on i_sb_list that does not have e.g. I_FREEING set, then we leave next_i pointing to inode which may get removed from the i_sb_list once we drop s_inode_list_lock thus resulting in use-after-free issues (usually manifesting as infinite looping in fsnotify_unmount_inodes()). Fix the problem by keeping current inode pinned somewhat longer. Then we can make the code much simpler and standard. CC: stable@vger.kernel.org Signed-off-by: Jan Kara <jack@suse.cz>		2016-12-13 12:57:52 +01:00
..
dnotify	fsnotify: get rid of fsnotify_destroy_mark_locked()	2015-09-04 16:54:41 -07:00
fanotify	fsnotify: clean up spinlock assertions	2016-10-07 18:46:26 -07:00
inotify	fsnotify: convert notification_mutex to a spinlock	2016-10-07 18:46:26 -07:00
fdinfo.c	inotify: hide internal kernel bits from fdinfo	2015-11-05 19:34:48 -08:00
fdinfo.h	fs: Convert show_fdinfo functions to void	2014-11-05 14:13:23 -05:00
fsnotify.c	fsnotify: remove mark->free_list	2015-09-04 16:54:41 -07:00
fsnotify.h	fsnotify: avoid spurious EMFILE errors from inotify_init()	2016-05-19 19:12:14 -07:00
group.c	fsnotify: convert notification_mutex to a spinlock	2016-10-07 18:46:26 -07:00
inode_mark.c	fsnotify: Fix possible use-after-free in inode iteration on umount	2016-12-13 12:57:52 +01:00
Kconfig	rcu: Make SRCU optional by using CONFIG_SRCU	2015-01-06 11:04:29 -08:00
Makefile	fs, notify: add procfs fdinfo helper	2012-12-17 17:15:28 -08:00
mark.c	fsnotify: avoid spurious EMFILE errors from inotify_init()	2016-05-19 19:12:14 -07:00
notification.c	fsnotify: clean up spinlock assertions	2016-10-07 18:46:26 -07:00
vfsmount_mark.c	fsnotify: remove mark->free_list	2015-09-04 16:54:41 -07:00