kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-hardened/fs/ubifs
History
Artem Bityutskiy 33f1a63ae8 UBIFS: prepare to fix a horrid bug 
Al Viro pointed me to the fact that '->readdir()' and '->llseek()' have no
mutual exclusion, which means the 'ubifs_dir_llseek()' can be run while we are
in the middle of 'ubifs_readdir()'.

First of all, this means that 'file->private_data' can be freed while
'ubifs_readdir()' uses it.  But this particular patch does not fix the problem.
This patch is only a preparation, and the fix will follow next.

In this patch we make 'ubifs_readdir()' stop using 'file->f_pos' directly,
because 'file->f_pos' can be changed by '->llseek()' at any point. This may
lead 'ubifs_readdir()' to returning inconsistent data: directory entry names
may correspond to incorrect file positions.

So here we introduce a local variable 'pos', read 'file->f_pose' once at very
the beginning, and then stick to 'pos'. The result of this is that when
'ubifs_dir_llseek()' changes 'file->f_pos' while we are in the middle of
'ubifs_readdir()', the latter "wins".

Cc: stable@vger.kernel.org
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Tested-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2013-06-29 12:45:37 +04:00
..
budget.c No big changes for 3.7 in UBIFS: 2012-10-02 20:47:48 -07:00
commit.c UBIFS: print less 2012-08-31 17:32:58 +03:00
compress.c UBIFS: comply with coding style 2012-08-31 17:32:57 +03:00
debug.c UBIFS: rename random32() to prandom_u32() 2013-01-15 15:45:27 +02:00
debug.h UBIFS: print less 2012-08-31 17:32:58 +03:00
dir.c UBIFS: prepare to fix a horrid bug 2013-06-29 12:45:37 +04:00
file.c aio: don't include aio.h in sched.h 2013-05-07 20:16:25 -07:00
find.c UBIFS: fix mounting problems after power cuts 2012-10-26 16:26:44 +03:00
gc.c UBIFS: comply with coding style 2012-08-31 17:32:57 +03:00
io.c UBI: Kill data type hint 2012-05-20 20:25:59 +03:00
ioctl.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
journal.c userns: Convert ubifs to use kuid/kgid 2012-09-21 03:13:36 -07:00
Kconfig UBIFS: remove Kconfig debugging option 2012-05-16 19:53:46 +03:00
key.h UBIFS: mark unused key objects as invalid 2010-08-30 10:19:08 +03:00
log.c UBIFS: comply with coding style 2012-08-31 17:32:57 +03:00
lprops.c UBIFS: introduce categorized lprops counter 2012-10-26 16:00:26 +03:00
lpt.c UBIFS: print less 2012-08-31 17:32:58 +03:00
lpt_commit.c UBIFS: rename random32() to prandom_u32() 2013-01-15 15:45:27 +02:00
Makefile UBIFS: remove Kconfig debugging option 2012-05-16 19:53:46 +03:00
master.c UBI: Kill data type hint 2012-05-20 20:25:59 +03:00
misc.h UBIFS: introduce more I/O helpers 2011-07-04 10:54:33 +03:00
orphan.c UBIFS: fix double free of ubifs_orphan objects 2013-02-04 12:31:48 +02:00
recovery.c UBIFS: comply with coding style 2012-08-31 17:32:57 +03:00
replay.c UBIFS: print less 2012-08-31 17:32:58 +03:00
sb.c No big changes for 3.7 in UBIFS: 2012-10-02 20:47:48 -07:00
scan.c UBIFS: comply with coding style 2012-08-31 17:32:57 +03:00
shrinker.c UBIFS: fix shrinker object count reports 2011-06-03 18:12:24 +03:00
super.c UBIFS: make space fixup work in the remount case 2013-03-14 11:20:22 +02:00
tnc.c UBIFS: 2012-05-22 19:30:27 -07:00
tnc_commit.c UBIFS: rename random32() to prandom_u32() 2013-01-15 15:45:27 +02:00
tnc_misc.c UBIFS: print less 2012-08-31 17:32:58 +03:00
ubifs-media.h UBIFS: add a superblock flag for free space fix-up 2011-05-16 14:12:14 +03:00
ubifs.h UBIFS: fix double free of ubifs_orphan objects 2013-02-04 12:31:48 +02:00
xattr.c UBIFS: 2012-05-22 19:30:27 -07:00