[PATCH 3.18 24/86] ceph: fix use-after-free on symlink traversal

2019-05-15 Thread Greg Kroah-Hartman
[ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ] free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro Reviewed-by: Jeff Layton Signed-off-by: Ilya

[PATCH 4.4 105/266] ceph: fix use-after-free on symlink traversal

2019-05-15 Thread Greg Kroah-Hartman
[ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ] free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro Reviewed-by: Jeff Layton Signed-off-by: Ilya

[PATCH 4.14 42/49] ceph: fix use-after-free on symlink traversal

2019-05-02 Thread Greg Kroah-Hartman
[ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ] free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro Reviewed-by: Jeff Layton Signed-off-by: Ilya

[PATCH 5.0 074/101] ceph: fix use-after-free on symlink traversal

2019-05-02 Thread Greg Kroah-Hartman
[ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ] free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro Reviewed-by: Jeff Layton Signed-off-by: Ilya

[PATCH 4.9 26/32] ceph: fix use-after-free on symlink traversal

2019-05-02 Thread Greg Kroah-Hartman
[ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ] free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro Reviewed-by: Jeff Layton Signed-off-by: Ilya

[PATCH 4.19 61/72] ceph: fix use-after-free on symlink traversal

2019-05-02 Thread Greg Kroah-Hartman
[ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ] free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro Reviewed-by: Jeff Layton Signed-off-by: Ilya

[PATCH AUTOSEL 5.0 71/98] ceph: fix use-after-free on symlink traversal

2019-04-22 Thread Sasha Levin
From: Al Viro [ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ] free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro Reviewed-by: Jeff Layton

[PATCH AUTOSEL 4.19 57/68] ceph: fix use-after-free on symlink traversal

2019-04-22 Thread Sasha Levin
From: Al Viro [ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ] free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro Reviewed-by: Jeff Layton

[PATCH AUTOSEL 4.14 36/43] ceph: fix use-after-free on symlink traversal

2019-04-22 Thread Sasha Levin
From: Al Viro [ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ] free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro Reviewed-by: Jeff Layton

[PATCH AUTOSEL 4.9 24/29] ceph: fix use-after-free on symlink traversal

2019-04-22 Thread Sasha Levin
From: Al Viro [ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ] free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro Reviewed-by: Jeff Layton

[PATCH AUTOSEL 3.18 12/15] ceph: fix use-after-free on symlink traversal

2019-04-22 Thread Sasha Levin
From: Al Viro [ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ] free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro Reviewed-by: Jeff Layton

[PATCH AUTOSEL 4.4 18/21] ceph: fix use-after-free on symlink traversal

2019-04-22 Thread Sasha Levin
From: Al Viro [ Upstream commit daf5cc27eed99afdea8d96e71b89ba41f5406ef6 ] free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro Reviewed-by: Jeff Layton

Re: ceph: fix use-after-free on symlink traversal

2019-03-26 Thread Ilya Dryomov
On Tue, Mar 26, 2019 at 2:39 AM Al Viro wrote: > > free the symlink body after the same RCU delay we have for freeing the > struct inode itself, so that traversal during RCU pathwalk wouldn't step > into freed memory. > > Signed-off-by: Al Viro > --- > diff --git a/fs/ceph/inode.c

Re: ceph: fix use-after-free on symlink traversal

2019-03-26 Thread Jeff Layton
On Mon, Mar 25, 2019 at 9:39 PM Al Viro wrote: > > free the symlink body after the same RCU delay we have for freeing the > struct inode itself, so that traversal during RCU pathwalk wouldn't step > into freed memory. > > Signed-off-by: Al Viro > --- > diff --git a/fs/ceph/inode.c

ceph: fix use-after-free on symlink traversal

2019-03-25 Thread Al Viro
free the symlink body after the same RCU delay we have for freeing the struct inode itself, so that traversal during RCU pathwalk wouldn't step into freed memory. Signed-off-by: Al Viro --- diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c index e3346628efe2..2d61ddda9bf5 100644 ---