linux-kernelorg-stable/fs
Al Viro 214b7049a7 Fix dnotify/close race
We have a race between fcntl() and close() that can lead to
dnotify_struct inserted into inode's list *after* the last descriptor
had been gone from current->files.

Since that's the only point where dnotify_struct gets evicted, we are
screwed - it will stick around indefinitely.  Even after struct file in
question is gone and freed.  Worse, we can trigger send_sigio() on it at
any later point, which allows sending an arbitrary signal to an arbitrary
process if we manage to apply enough memory pressure to get the page
that used to host that struct file and fill it with the right pattern...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-30 20:09:00 -07:00
9p
adfs fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
affs affs: be*_add_cpu conversion 2008-04-30 08:29:51 -07:00
afs afs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
autofs
autofs4 fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
befs
bfs fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
cifs
coda
configfs fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
cramfs
debugfs DEBUGFS: Correct location of debugfs API documentation. 2008-04-30 16:52:47 -07:00
devpts
dlm fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
ecryptfs
efs
exportfs fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
ext2
ext3
ext4
fat fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
freevxfs
fuse fuse: fix sparse warnings 2008-04-30 08:29:51 -07:00
gfs2 fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
hfs hfs: fix warning with 64k PAGE_SIZE 2008-04-30 08:29:52 -07:00
hfsplus hfsplus: fix warning with 64k PAGE_SIZE 2008-04-30 08:29:52 -07:00
hostfs
hpfs
hppfs
hugetlbfs mm: bdi: add separate writeback accounting capability 2008-04-30 08:29:50 -07:00
isofs
jbd
jbd2
jffs2 fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
jfs
lockd fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
minix
msdos fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
ncpfs
nfs
nfs_common
nfsd fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
nls
ntfs fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
ocfs2 mm: bdi: add separate writeback accounting capability 2008-04-30 08:29:50 -07:00
openpromfs
partitions fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
proc mm: Add NR_WRITEBACK_TEMP counter 2008-04-30 08:29:50 -07:00
qnx4
ramfs mm: bdi: add separate writeback accounting capability 2008-04-30 08:29:50 -07:00
reiserfs reiserfs: use open_bdev_excl 2008-04-30 08:29:51 -07:00
romfs
smbfs fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
sysfs sysfs: Disallow truncation of files in sysfs 2008-04-30 16:52:46 -07:00
sysv sysv: [bl]e*_add_cpu conversion 2008-04-30 08:29:52 -07:00
udf fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
ufs
vfat fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
xfs
Kconfig
Kconfig.binfmt
Makefile
aio.c debugobjects: add timer specific object debugging code 2008-04-30 08:29:53 -07:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf.c
binfmt_elf_fdpic.c
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio.c
block_dev.c
buffer.c fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
char_dev.c
compat.c
compat_binfmt_elf.c
compat_ioctl.c
dcache.c
dcookies.c
direct-io.c
dnotify.c Fix dnotify/close race 2008-04-30 20:09:00 -07:00
dquot.c
drop_caches.c
eventfd.c
eventpoll.c
exec.c
fcntl.c
fifo.c
file.c
file_table.c
filesystems.c
fs-writeback.c
generic_acl.c
inode.c
inotify.c
inotify_user.c
internal.h
ioctl.c
ioprio.c
libfs.c
locks.c
mbcache.c
mpage.c
namei.c
namespace.c fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
nfsctl.c
no-block.c
open.c
pipe.c
pnode.c
pnode.h
posix_acl.c
quota.c
quota_v1.c
quota_v2.c quota: le*_add_cpu conversion 2008-04-30 08:29:51 -07:00
read_write.c
read_write.h
readdir.c
select.c
seq_file.c
signalfd.c
splice.c
stack.c
stat.c
super.c
sync.c
timerfd.c
utimes.c
xattr.c
xattr_acl.c