lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34a47f7ddb
android_kernel_xiaomi_sm8350/fs
History
Haimin Zhang e19c3149a8 jfs: prevent NULL deref in diFree 
[ Upstream commit a53046291020ec41e09181396c1e829287b48d47 ]

Add validation check for JFS_IP(ipimap)->i_imap to prevent a NULL deref
in diFree since diFree uses it without do any validations.
When function jfs_mount calls diMount to initialize fileset inode
allocation map, it can fail and JFS_IP(ipimap)->i_imap won't be
initialized. Then it calls diFreeSpecial to close fileset inode allocation
map inode and it will flow into jfs_evict_inode. Function jfs_evict_inode
just validates JFS_SBI(inode->i_sb)->ipimap, then calls diFree. diFree use
JFS_IP(ipimap)->i_imap directly, then it will cause a NULL deref.

Reported-by: TCS Robot <tcs_robot@tencent.com>
Signed-off-by: Haimin Zhang <tcs_kernel@tencent.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-04-15 14:18:36 +02:00
..
9p
adfs
affs
afs afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation 2021-09-30 10:09:22 +02:00
autofs
befs
bfs
btrfs btrfs: add missing run of delayed items after unlink during log replay 2022-03-08 19:07:50 +01:00
cachefiles
ceph ceph: fix handling of "meta" errors 2021-10-27 09:54:27 +02:00
cifs cifs: fix double free race when mount fails in cifs_get_root() 2022-03-08 19:07:45 +01:00
coda
configfs configfs: fix a race in configfs_{,un}register_subsystem() 2022-03-02 11:41:10 +01:00
cramfs
crypto
debugfs debugfs: lockdown: Allow reading debugfs files that are not world readable 2022-01-27 09:19:36 +01:00
devpts fsnotify: fix fsnotify hooks in pseudo filesystems 2022-02-01 17:24:34 +01:00
dlm fs: dlm: filter user dlm messages for kernel locks 2022-01-27 09:19:40 +01:00
ecryptfs
efivarfs
efs
erofs erofs: fix unsafe pagevec reuse of hooked pclusters 2021-11-21 13:38:51 +01:00
exportfs
ext2 ext2: correct max file size computing 2022-04-15 14:18:13 +02:00
ext4 ext4: don't BUG if someone dirty pages without asking ext4 first 2022-04-15 14:18:23 +02:00
f2fs f2fs: fix to avoid potential deadlock 2022-04-15 14:18:06 +02:00
fat
freevxfs
fscache fscache: Fix cookie key hashing 2021-09-22 12:26:25 +02:00
fuse fuse: fix pipe buffer lifetime for direct_io 2022-03-16 13:21:47 +01:00
gfs2 gfs2: Make sure FITRIM minlen is rounded up to fs block size 2022-04-15 14:18:28 +02:00
hfs
hfsplus
hostfs
hpfs
hugetlbfs
iomap mm/swap: consider max pages in iomap_swapfile_add_extent 2021-09-15 09:47:35 +02:00
isofs isofs: Fix out of bound access for corrupted isofs image 2021-11-12 14:43:03 +01:00
jbd2
jffs2 jffs2: fix memory leak in jffs2_scan_medium 2022-04-15 14:17:59 +02:00
jfs jfs: prevent NULL deref in diFree 2022-04-15 14:18:36 +02:00
kernfs
lockd lockd: lockd server-side shouldn't set fl_ops 2021-09-22 12:26:34 +02:00
minix minix: fix bug when opening a file with O_DIRECT 2022-04-15 14:18:35 +02:00
nfs NFS: swap-out must always use STABLE writes. 2022-04-15 14:18:36 +02:00
nfs_common
nfsd NFSD: prevent underflow in nfssvc_decode_writeargs() 2022-04-15 14:17:59 +02:00
nilfs2 nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group 2021-09-26 14:07:13 +02:00
nls
notify
ntfs ntfs: add sanity check on allocation size 2022-04-15 14:18:23 +02:00
ocfs2 ocfs2: fix crash when initialize filecheck kobj fails 2022-03-23 09:12:06 +01:00
omfs
openpromfs
orangefs orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() 2022-01-20 09:19:17 +01:00
overlayfs ovl: fix warning in ovl_create_real() 2021-12-22 09:29:40 +01:00
proc proc/vmcore: fix clearing user buffer by properly using clear_user() 2021-12-01 09:23:31 +01:00
pstore
qnx4 qnx4: work around gcc false positive warning bug 2021-09-30 10:09:26 +02:00
qnx6
quota quota: make dquot_quota_sync return errors from ->sync_fs 2022-02-23 11:59:55 +01:00
ramfs
reiserfs
romfs
squashfs
sysfs
sysv
tracefs tracefs: Set the group ownership in apply_options() not parse_options() 2022-03-02 11:41:13 +01:00
ubifs ubifs: Rectify space amount budget for mkdir/tmpfile operations 2022-04-15 14:18:31 +02:00
udf udf: Fix NULL ptr deref when converting from inline format 2022-02-01 17:24:34 +01:00
ufs
unicode
verity fs-verity: fix signed integer overflow with i_size near S64_MAX 2021-10-06 15:42:30 +02:00
xfs xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate 2022-01-11 15:23:32 +01:00
aio.c aio: fix use-after-free due to missing POLLFREE handling 2021-12-14 14:49:02 +01:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings 2021-10-06 15:42:35 +02:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
block_dev.c
buffer.c
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
compat.c
coredump.c
d_path.c
dax.c
dcache.c
dcookies.c
direct-io.c
drop_caches.c
eventfd.c
eventpoll.c
exec.c vfs: check fd has read access in kernel_read_file_from_fd() 2021-10-27 09:54:27 +02:00
fcntl.c
fhandle.c
file_table.c
file.c fget: clarify and improve __fget_files() implementation 2022-03-02 11:41:18 +01:00
filesystems.c
fs_context.c memcg: charge fs_context and legacy_fs_context 2022-02-08 18:24:29 +01:00
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
fsopen.c
inode.c
internal.h
io_uring.c
ioctl.c
Kconfig
Kconfig.binfmt
libfs.c
locks.c
Makefile
mbcache.c
mount.h
mpage.c
namei.c fsnotify: invalidate dcache before IN_DELETE event 2022-02-01 17:24:39 +01:00
namespace.c
no-block.c
nsfs.c
open.c
pipe.c
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c
readdir.c
select.c select: Fix indefinitely sleeping task in poll_schedule_timeout() 2022-01-29 10:25:11 +01:00
seq_file.c
signalfd.c signalfd: use wake_up_pollfree() 2021-12-14 14:49:02 +01:00
splice.c
stack.c
stat.c
statfs.c
super.c vfs: make freeze_super abort when sync_filesystem returns error 2022-02-23 11:59:55 +01:00
sync.c
timerfd.c
userfaultfd.c userfaultfd: prevent concurrent API initialization 2021-09-22 12:26:26 +02:00
utimes.c
xattr.c