linux/fs/fuse
Miklos Szeredi 3e8cb8b2ea fuse: fix stack use after return

Normal, synchronous requests will have their args allocated on the stack.
After the FR_FINISHED bit is set by receiving the reply from the userspace
fuse server, the originating task may return and reuse the stack frame,
resulting in an Oops if the args structure is dereferenced.

Fix by setting a flag in the request itself upon initializing, indicating
whether it has an asynchronous ->end() callback.

Reported-by: Kyle Sanderson <kyle.leet@gmail.com>
Reported-by: Michael Stapelberg <michael+lkml@stapelberg.ch>
Fixes: 2b319d1f6f ("fuse: don't dereference req->args on finished request")
Cc: <stable@vger.kernel.org> # v5.4
Tested-by: Michael Stapelberg <michael+lkml@stapelberg.ch>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
2020-02-13 09:16:07 +01:00
acl.c fuse: Support fuse filesystems outside of init_user_ns 2018-03-20 17:11:44 +01:00
control.c convenience helper: get_tree_single() 2019-07-04 22:01:58 -04:00
cuse.c fuse: use true,false for bool variable 2020-02-06 16:39:28 +01:00
dev.c fuse: fix stack use after return 2020-02-13 09:16:07 +01:00
dir.c fuse: Support RENAME_WHITEOUT flag 2020-02-06 16:39:28 +01:00
file.c fuse: use true,false for bool variable 2020-02-06 16:39:28 +01:00
fuse_i.h fuse: fix stack use after return 2020-02-13 09:16:07 +01:00
inode.c Merge branch 'merge.nfs-fs_parse.1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-02-08 13:26:41 -08:00
Kconfig fuse: fix Kconfig indentation 2019-11-27 09:35:20 +01:00
Makefile virtio-fs: Change module name to virtiofs.ko 2019-10-14 10:20:33 +02:00
readdir.c fuse: use true,false for bool variable 2020-02-06 16:39:28 +01:00
virtio_fs.c virtiofs: Use completions while waiting for queue to be drained 2019-11-22 13:29:50 +01:00
xattr.c fuse: rearrange and resize fuse_args fields 2019-09-10 16:29:48 +02:00