Xiubo Li 8e1858710d ceph: avoid use-after-free in ceph_fl_release_lock() ...

When ceph releasing the file_lock it will try to get the inode pointer
from the fl->fl_file, which the memory could already be released by
another thread in filp_close(). Because in VFS layer the fl->fl_file
doesn't increase the file's reference counter.

Will switch to use ceph dedicate lock info to track the inode.

And in ceph_fl_release_lock() we should skip all the operations if the
fl->fl_u.ceph.inode is not set, which should come from the request
file_lock. And we will set fl->fl_u.ceph.inode when inserting it to the
inode lock list, which is when copying the lock.

Link: https://tracker.ceph.com/issues/57986
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

2023-01-02 12:27:25 +01:00

..

9p

Merge tag '9p-for-6.2-rc1' of https://github.com/martinetd/linux

2022-12-23 11:39:18 -08:00

adfs

fs: Convert block_read_full_page() to block_read_full_folio()

2022-05-09 16:21:44 -04:00

affs

affs: move from strlcpy with unused retval to strscpy

2022-08-19 13:03:10 +02:00

afs

afs: Stop implementing ->writepage()

2022-12-22 11:40:35 +00:00

autofs

autofs: remove unused ino field inode

2022-07-17 17:31:42 -07:00

befs

befs: Convert befs_symlink_read_folio() to use a folio

2022-08-02 12:34:03 -04:00

bfs

fs: Convert block_read_full_page() to block_read_full_folio()

2022-05-09 16:21:44 -04:00

btrfs

Merge tag 'hardening-v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

2022-12-14 12:20:00 -08:00

cachefiles

fscache,cachefiles: add prepare_ondemand_read() callback

2022-12-07 10:56:29 +08:00

ceph

ceph: avoid use-after-free in ceph_fl_release_lock()

2023-01-02 12:27:25 +01:00

cifs

Merge tag '6.2-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6

2022-12-21 10:40:08 -08:00

coda

coda: Convert coda_symlink_filler() to use a folio

2022-08-02 12:34:03 -04:00

configfs

configfs: fix possible memory leak in configfs_create_dir()

2022-12-02 11:11:22 +01:00

cramfs

cramfs: read_mapping_page() is synchronous

2022-08-02 12:34:02 -04:00

crypto

Merge tag 'for-6.2/block-2022-12-08' of git://git.kernel.dk/linux

2022-12-13 10:43:59 -08:00

debugfs

debugfs: fix error when writing negative value to atomic_t debugfs file

2022-11-30 16:13:16 -08:00

devpts

…

dlm

Treewide: Stop corrupting socket's task_frag

2022-12-19 17:28:49 -08:00

ecryptfs

ecryptfs: use stub posix acl handlers

2022-10-20 10:13:31 +02:00

efivarfs

efi: vars: prohibit reading random seed variables

2022-12-01 09:51:21 +01:00

efs

efs: Convert efs symlinks to read_folio

2022-05-09 16:21:45 -04:00

erofs

Merge tag 'erofs-for-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs

2022-12-12 20:14:04 -08:00

exfat

Merge tag 'exfat-for-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat

2022-12-15 18:14:21 -08:00

exportfs

exportfs: use pr_debug for unreachable debug statements

2022-11-28 12:54:45 -05:00

ext2

Merge tag 'fixes_for_v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs

2022-12-12 20:32:50 -08:00

ext4

treewide: Convert del_timer*() to timer_shutdown*()

2022-12-25 13:38:09 -08:00

f2fs

Merge tag 'f2fs-for-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs

2022-12-14 15:27:57 -08:00

fat

Merge tag 'mm-stable-2022-12-13' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

2022-12-13 19:29:45 -08:00

freevxfs

freevxfs: Convert vxfs_immed_read_folio() to use a folio

2022-08-02 12:34:03 -04:00

fscache

Merge tag 'pull-iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2022-12-12 18:29:54 -08:00

fuse

Merge tag 'mm-stable-2022-12-13' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

2022-12-13 19:29:45 -08:00

gfs2

Merge tag 'gfs2-v6.1-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2

2022-12-17 08:18:04 -06:00

hfs

Merge tag 'mm-stable-2022-12-13' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

2022-12-13 19:29:45 -08:00

hfsplus

Merge tag 'mm-stable-2022-12-13' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

2022-12-13 19:29:45 -08:00

hostfs

hostfs: move from strlcpy with unused retval to strscpy

2022-09-19 22:46:25 +02:00

hpfs

hpfs: remove ->writepage

2022-12-11 18:12:18 -08:00

hugetlbfs

hugetlbfs: inode: remove unnecessary (void*) conversions

2022-11-30 15:58:56 -08:00

iomap

Merge tag 'xfs-6.2-merge-8' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

2022-12-14 10:11:51 -08:00

isofs

Merge tag 'mm-nonmm-stable-2022-10-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

2022-10-12 11:00:22 -07:00

jbd2

jbd2: switch jbd2_submit_inode_data() to use fs-provided hook for data writeout

2022-12-08 21:49:25 -05:00

jffs2

fs: rename current get acl method

2022-10-20 10:13:27 +02:00

jfs

Merge tag 'mm-stable-2022-12-13' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

2022-12-13 19:29:45 -08:00

kernfs

kernfs: fix all kernel-doc warnings and multiple typos

2022-11-23 19:28:26 +01:00

ksmbd

Merge tag '6.2-rc-ksmbd-server-fixes' of git://git.samba.org/ksmbd

2022-12-15 09:29:19 -08:00

lockd

Merge tag 'nfsd-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux

2022-12-12 20:54:39 -08:00

minix

vfs: open inside ->tmpfile()

2022-09-24 07:00:00 +02:00

netfs

use less confusing names for iov_iter direction initializers

2022-11-25 13:01:55 -05:00

nfs

Merge tag 'driver-core-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

2022-12-16 03:54:54 -08:00

nfs_common

…

nfsd

Merge tag 'nfsd-6.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux

2022-12-19 09:10:33 -06:00

nilfs2

treewide: Convert del_timer*() to timer_shutdown*()

2022-12-25 13:38:09 -08:00

nls

…

notify

Merge tag 'fsnotify-for_v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs

2022-10-07 08:28:50 -07:00

ntfs

Merge tag 'mm-nonmm-stable-2022-10-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

2022-10-12 11:00:22 -07:00

ntfs3

Merge tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3

2022-12-21 10:18:17 -08:00

ocfs2

Treewide: Stop corrupting socket's task_frag

2022-12-19 17:28:49 -08:00

omfs

omfs: remove ->writepage

2022-12-11 18:12:18 -08:00

openpromfs

…

orangefs

Merge tag 'for-linus-6.2-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux

2022-12-14 11:16:33 -08:00

overlayfs

Merge tag 'ovl-update-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

2022-12-12 20:18:26 -08:00

proc

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

2022-12-15 11:12:21 -08:00

pstore

Merge tag 'pstore-v6.2-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

2022-12-23 11:55:54 -08:00

qnx4

fs: Convert block_read_full_page() to block_read_full_folio()

2022-05-09 16:21:44 -04:00

qnx6

fs/qnx6: delete unnecessary checks before brelse()

2022-09-11 21:55:07 -07:00

quota

ext4: fix bug_on in __es_tree_search caused by bad quota inode

2022-12-08 21:49:23 -05:00

ramfs

Merge tag 'pull-tmpfile' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2022-10-10 19:45:17 -07:00

reiserfs

Merge tag 'lsm-pr-20221212' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm

2022-12-13 09:47:48 -08:00

romfs

romfs: Convert romfs to read_folio

2022-05-09 16:21:46 -04:00

smbfs_common

smb3: define missing create contexts

2022-10-05 01:55:27 -05:00

squashfs

Merge tag 'fs.idmapped.squashfs.v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping

2022-12-12 20:24:51 -08:00

sysfs

kobject: kobj_type: remove default_attrs

2022-04-05 15:39:19 +02:00

sysv

fs: sysv: Fix sysv_nblocks() returns wrong value

2022-12-10 14:13:37 -05:00

tracefs

tracefs: Only clobber mode/uid/gid on remount if asked

2022-09-08 17:10:54 -04:00

ubifs

treewide: use get_random_u32_below() instead of deprecated function

2022-11-18 02:15:15 +01:00

udf

Merge tag 'fixes_for_v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs

2022-12-12 20:32:50 -08:00

ufs

ufs: replace ll_rw_block()

2022-09-11 20:26:07 -07:00

unicode

…

vboxsf

vboxsf: Convert vboxsf to read_folio

2022-05-09 16:21:46 -04:00

verity

fsverity: simplify fsverity_get_digest()

2022-11-29 21:07:41 -08:00

xfs

Merge tag 'xfs-6.2-merge-8' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

2022-12-14 10:11:51 -08:00

zonefs

zonefs: Fix active zone accounting

2022-11-25 17:01:22 +09:00

aio.c

use less confusing names for iov_iter direction initializers

2022-11-25 13:01:55 -05:00

anon_inodes.c

dynamic_dname(): drop unused dentry argument

2022-08-20 11:34:04 -04:00

attr.c

attr: use consistent sgid stripping checks

2022-10-18 10:09:47 +02:00

bad_inode.c

fs: rename current get acl method

2022-10-20 10:13:27 +02:00

binfmt_elf_fdpic.c

binfmt: Fix error return code in load_elf_fdpic_binary()

2022-12-01 19:15:52 -08:00

binfmt_elf_test.c

…

binfmt_elf.c

Merge tag 'pull-elfcore' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2022-12-12 18:18:34 -08:00

binfmt_flat.c

binfmt_flat: Remove shared library support

2022-04-22 10:57:18 -07:00

binfmt_misc.c

binfmt_misc: fix shift-out-of-bounds in check_special_flags

2022-12-02 13:57:04 -08:00

binfmt_script.c

…

buffer.c

Merge tag 'mm-nonmm-stable-2022-10-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

2022-10-12 11:00:22 -07:00

char_dev.c

chardev: fix error handling in cdev_device_add()

2022-12-02 17:48:59 +01:00

compat_binfmt_elf.c

…

coredump.c

Merge tag 'hardening-v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

2022-12-14 12:20:00 -08:00

d_path.c

d_path.c: typo fix...

2022-08-20 11:34:33 -04:00

dax.c

fsdax,xfs: port unshare to fsdax

2022-12-11 18:12:17 -08:00

dcache.c

Merge tag 'pull-tmpfile' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2022-10-10 19:45:17 -07:00

direct-io.c

block: remove PSI accounting from the bio layer

2022-09-20 08:24:38 -06:00

drop_caches.c

…

eventfd.c

eventfd: provide a eventfd_signal_mask() helper

2022-11-22 06:07:55 -07:00

eventpoll.c

eventpoll: add EPOLL_URING_WAKE poll wakeup flag

2022-11-21 07:45:29 -07:00

exec.c

Merge tag 'fs.vfsuid.conversion.v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping

2022-12-12 19:20:05 -08:00

fcntl.c

keep iocb_flags() result cached in struct file

2022-06-10 16:10:23 -04:00

fhandle.c

do_sys_name_to_handle(): constify path

2022-09-01 17:36:39 -04:00

file_table.c

locks: fix TOCTOU race when granting write lease

2022-08-16 10:59:54 -04:00

file.c

fs: use acquire ordering in __fget_light()

2022-10-31 15:30:11 -04:00

filesystems.c

…

fs_context.c

…

fs_parser.c

ext4: journal_path mount options should follow links

2022-12-01 10:46:54 -05:00

fs_pin.c

…

fs_struct.c

…

fs_types.c

…

fs-writeback.c

Merge tag 'for-6.2/writeback-2022-12-12' of git://git.kernel.dk/linux

2022-12-15 18:09:48 -08:00

fsopen.c

uninline may_mount() and don't opencode it in fspick(2)/fsopen(2)

2022-05-19 23:25:10 -04:00

init.c

…

inode.c

Merge tag 'fs.vfsuid.conversion.v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping

2022-12-12 19:20:05 -08:00

internal.h

Merge tag 'fs.ovl.setgid.v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping

2022-12-12 19:03:10 -08:00

ioctl.c

Merge tag 'vfs-5.18-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

2022-04-01 19:35:56 -07:00

Kconfig

hugetlb: make hugetlb depends on SYSFS or SYSCTL

2022-09-11 20:26:10 -07:00

Kconfig.binfmt

Merge tag 'xtensa-20221010' of https://github.com/jcmvbkbc/linux-xtensa

2022-10-10 14:21:11 -07:00

kernel_read_file.c

fs/kernel_read_file: allow to read files up-to ssize_t

2022-06-16 19:58:21 -07:00

libfs.c

libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value

2022-11-30 16:13:16 -08:00

locks.c

Add process name and pid to locks warning

2022-11-30 05:08:10 -05:00

Makefile

a.out: Remove the a.out implementation

2022-09-27 07:11:02 -07:00

mbcache.c

ext4: fix deadlock due to mbcache entry corruption

2022-12-08 21:49:25 -05:00

mount.h

switch try_to_unlazy_next() to __legitimize_mnt()

2022-07-05 16:18:21 -04:00

mpage.c

Merge tag 'folio-6.0' of git://git.infradead.org/users/willy/pagecache

2022-08-03 10:35:43 -07:00

namei.c

Merge tag 'landlock-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux

2022-12-13 09:14:50 -08:00

namespace.c

Merge tag 'fs.idmapped.mnt_idmap.v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping

2022-12-12 19:30:18 -08:00

no-block.c

…

nsfs.c

dynamic_dname(): drop unused dentry argument

2022-08-20 11:34:04 -04:00

open.c

Merge tag 'landlock-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux

2022-12-13 09:14:50 -08:00

pipe.c

dynamic_dname(): drop unused dentry argument

2022-08-20 11:34:04 -04:00

pnode.c

pnode: terminate at peers of source

2022-12-21 14:45:25 +01:00

pnode.h

…

posix_acl.c

Merge tag 'fs.idmapped.mnt_idmap.v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping

2022-12-12 19:30:18 -08:00

proc_namespace.c

vfs: escape hash as well

2022-06-28 13:58:05 -04:00

read_write.c

Merge tag 'pull-iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2022-12-12 18:29:54 -08:00

readdir.c

Change calling conventions for filldir_t

2022-08-17 17:25:04 -04:00

remap_range.c

Merge tag 'vfs-6.2-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

2022-12-13 10:26:38 -08:00

select.c

…

seq_file.c

use less confusing names for iov_iter direction initializers

2022-11-25 13:01:55 -05:00

signalfd.c

…

splice.c

use less confusing names for iov_iter direction initializers

2022-11-25 13:01:55 -05:00

stack.c

…

stat.c

fs: use type safe idmapping helpers

2022-10-26 10:02:34 +02:00

statfs.c

…

super.c

Merge tag 'pull-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2022-12-12 18:38:47 -08:00

sync.c

riscv: compat: syscall: Add compat_sys_call_table implementation

2022-04-26 13:36:25 -07:00

sysctls.c

…

timerfd.c

…

userfaultfd.c

fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()

2022-11-07 12:58:26 -08:00

utimes.c

…

xattr.c

Merge tag 'fs.xattr.simple.rework.rbtree.rwlock.v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping

2022-12-13 10:08:36 -08:00