]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6d0bc3b) | patch
ext4: fix use-after-free race in ext4_remount()'s error path
authorTheodore Ts'o <tytso@mit.edu>
Fri, 12 Oct 2018 13:28:09 +0000 (09:28 -0400)
committerTheodore Ts'o <tytso@mit.edu>
Fri, 12 Oct 2018 13:28:09 +0000 (09:28 -0400)
commitb3b141dea2f92d49c53eafd90b267d05dc4b2ea2
treef4732bd54c93bd877209855b3148db771da85b55tree | snapshot
parent6d0bc3b22c2c7bad4f3048a2ba3d42742f660f02commit | diff
ext4: fix use-after-free race in ext4_remount()'s error path

It's possible for ext4_show_quota_options() to try reading
s_qf_names[i] while it is being modified by ext4_remount() --- most
notably, in ext4_remount's error path when the original values of the
quota file name gets restored.

Reported-by: syzbot+a2872d6feea6918008a9@syzkaller.appspotmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 3.2+
fs/ext4/ext4.h diff | blob | history
fs/ext4/super.c diff | blob | history
Linux Kernel Source Tree.