diff options
| author | Jan Kara <jack@suse.cz> | 2014-02-21 13:14:11 -0500 |
|---|---|---|
| committer | Jan Kara <jack@suse.cz> | 2014-02-25 05:18:06 -0500 |
| commit | ff57cd5863cf3014c1c5ed62ce2715294f065b17 (patch) | |
| tree | c9bc7bd04326afc92d85a476d28453218c40e14e /fs/notify/fanotify | |
| parent | 482ef06c5e946aae360f247dc69471ec031e09d2 (diff) | |
fsnotify: Allocate overflow events with proper type
Commit 7053aee26a35 "fsnotify: do not share events between notification
groups" used overflow event statically allocated in a group with the
size of the generic notification event. This causes problems because
some code looks at type specific parts of event structure and gets
confused by a random data it sees there and causes crashes.
Fix the problem by allocating overflow event with type corresponding to
the group type so code cannot get confused.
Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/notify/fanotify')
| -rw-r--r-- | fs/notify/fanotify/fanotify_user.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index b6175fa11bf8..287a22c04149 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c | |||
| @@ -698,6 +698,7 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags) | |||
| 698 | struct fsnotify_group *group; | 698 | struct fsnotify_group *group; |
| 699 | int f_flags, fd; | 699 | int f_flags, fd; |
| 700 | struct user_struct *user; | 700 | struct user_struct *user; |
| 701 | struct fanotify_event_info *oevent; | ||
| 701 | 702 | ||
| 702 | pr_debug("%s: flags=%d event_f_flags=%d\n", | 703 | pr_debug("%s: flags=%d event_f_flags=%d\n", |
| 703 | __func__, flags, event_f_flags); | 704 | __func__, flags, event_f_flags); |
| @@ -730,8 +731,20 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags) | |||
| 730 | group->fanotify_data.user = user; | 731 | group->fanotify_data.user = user; |
| 731 | atomic_inc(&user->fanotify_listeners); | 732 | atomic_inc(&user->fanotify_listeners); |
| 732 | 733 | ||
| 734 | oevent = kmem_cache_alloc(fanotify_event_cachep, GFP_KERNEL); | ||
| 735 | if (unlikely(!oevent)) { | ||
| 736 | fd = -ENOMEM; | ||
| 737 | goto out_destroy_group; | ||
| 738 | } | ||
| 739 | group->overflow_event = &oevent->fse; | ||
| 740 | fsnotify_init_event(group->overflow_event, NULL, FS_Q_OVERFLOW); | ||
| 741 | oevent->tgid = get_pid(task_tgid(current)); | ||
| 742 | oevent->path.mnt = NULL; | ||
| 743 | oevent->path.dentry = NULL; | ||
| 744 | |||
| 733 | group->fanotify_data.f_flags = event_f_flags; | 745 | group->fanotify_data.f_flags = event_f_flags; |
| 734 | #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS | 746 | #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS |
| 747 | oevent->response = 0; | ||
| 735 | mutex_init(&group->fanotify_data.access_mutex); | 748 | mutex_init(&group->fanotify_data.access_mutex); |
| 736 | init_waitqueue_head(&group->fanotify_data.access_waitq); | 749 | init_waitqueue_head(&group->fanotify_data.access_waitq); |
| 737 | INIT_LIST_HEAD(&group->fanotify_data.access_list); | 750 | INIT_LIST_HEAD(&group->fanotify_data.access_list); |