android_kernel_xiaomi_sm8350/fs
David Chinner 99fa8cb3c5 [XFS] Prevent use-after-free caused by synchronous inode reclaim
With the combined linux and XFS inode, we need to ensure that the combined
structure is not freed before the generic code is finished with the inode.
As it turns out, there is a case where the XFS inode is freed before the
linux inode - when xfs_reclaim() is called from ->clear_inode() on a clean
inode, the xfs inode is freed during that call. The generic code
references the inode after the ->clear_inode() call, so this is a use
after free situation.

Fix the problem by moving the xfs_reclaim() call to ->destroy_inode()
instead of in ->clear_inode(). This ensures the combined inode structure
is not freed until after the generic code has finished with it.

SGI-PV: 988141

SGI-Modid: xfs-linux-melb:xfs-kern:32324a

Signed-off-by: David Chinner <david@fromorbit.com>
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
2008-10-30 17:36:40 +11:00
..
9p 9p: fix format warning 2008-10-22 18:48:45 -05:00
adfs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
affs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
afs [PATCH] fix ->llseek for more directories 2008-10-23 05:13:21 -04:00
autofs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
autofs4 autofs4: add miscellaneous device for ioctls 2008-10-16 11:21:39 -07:00
befs befs: annotate fs32 on tests for superblock endianness 2008-10-16 11:21:46 -07:00
bfs [PATCH] fix ->llseek for more directories 2008-10-23 05:13:21 -04:00
cifs Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6 2008-10-23 10:43:36 -07:00
coda Switch to a valid email address... 2008-10-27 08:40:17 -07:00
configfs [PATCH] assorted path_lookup() -> kern_path() conversions 2008-10-23 05:12:52 -04:00
cramfs cramfs: fix named-pipe handling 2008-08-20 15:40:32 -07:00
debugfs integrity: special fs magic 2008-10-13 09:47:43 +11:00
devpts vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
dlm dlm: choose better identifiers 2008-09-05 09:51:30 -05:00
ecryptfs [PATCH] assorted path_lookup() -> kern_path() conversions 2008-10-23 05:12:52 -04:00
efs [PATCH] switch all filesystems over to d_obtain_alias 2008-10-23 05:13:01 -04:00
exportfs [PATCH] prepare vfs_readdir() callers to returning filldir result 2008-10-23 05:13:10 -04:00
ext2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev 2008-10-23 10:23:07 -07:00
ext3 ext3: Fix duplicate entries returned from getdents() system call 2008-10-25 22:37:44 -04:00
ext4 ext4: Fix duplicate entries returned from getdents() system call 2008-10-25 22:37:55 -04:00
fat [PATCH] fix ->llseek for more directories 2008-10-23 05:13:21 -04:00
freevxfs
fuse [PATCH] switch all filesystems over to d_obtain_alias 2008-10-23 05:13:01 -04:00
gfs2 [PATCH] switch all filesystems over to d_obtain_alias 2008-10-23 05:13:01 -04:00
hfs [PATCH] move executable checking into ->permission() 2008-10-23 05:13:25 -04:00
hfsplus [PATCH] move executable checking into ->permission() 2008-10-23 05:13:25 -04:00
hostfs [PATCH] introduce fmode_t, do annotations 2008-10-21 07:47:06 -04:00
hpfs [PATCH] hpfs: cleanup ->setattr 2008-10-23 05:12:58 -04:00
hppfs
hugetlbfs vfs: Use const for kernel parser table 2008-10-13 10:10:37 -07:00
isofs [PATCH] switch all filesystems over to d_obtain_alias 2008-10-23 05:13:01 -04:00
jbd jbd: abort instead of waiting for nonexistent transactions 2008-10-23 08:55:02 -07:00
jbd2 fs/Kconfig: move ext2, ext3, ext4, JBD, JBD2 out 2008-10-20 11:43:59 -07:00
jffs2 [PATCH] fix ->llseek for more directories 2008-10-23 05:13:21 -04:00
jfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev 2008-10-23 10:23:07 -07:00
lockd NLM: Remove "proto" argument from lockd_up() 2008-10-04 17:12:27 -04:00
minix
msdos
ncpfs
nfs Switch to a valid email address... 2008-10-27 08:40:17 -07:00
nfs_common
nfsd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2008-10-23 10:22:40 -07:00
nls remove CONFIG_KMOD from fs 2008-10-17 02:38:36 +11:00
ntfs [PATCH] switch all filesystems over to d_obtain_alias 2008-10-23 05:13:01 -04:00
ocfs2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev 2008-10-23 10:23:07 -07:00
omfs [PATCH] fix ->llseek for more directories 2008-10-23 05:13:21 -04:00
openpromfs [PATCH] fix ->llseek for more directories 2008-10-23 05:13:21 -04:00
partitions [PATCH] sanitize blkdev_get() and friends 2008-10-21 07:49:06 -04:00
proc Switch to a valid email address... 2008-10-27 08:40:17 -07:00
qnx4
ramfs Ramfs and Ram Disk pages are unevictable 2008-10-20 08:50:26 -07:00
reiserfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev 2008-10-23 10:23:07 -07:00
romfs
smbfs
sysfs [PATCH] fix ->llseek for more directories 2008-10-23 05:13:21 -04:00
sysv
ubifs Merge branch 'linux-next' of git://git.infradead.org/ubifs-2.6 2008-10-20 09:19:03 -07:00
udf [PATCH] get rid of on-stack dentry in udf 2008-10-23 05:13:15 -04:00
ufs [PATCH] fix ->llseek for more directories 2008-10-23 05:13:21 -04:00
vfat
xfs [XFS] Prevent use-after-free caused by synchronous inode reclaim 2008-10-30 17:36:40 +11:00
aio.c
anon_inodes.c
attr.c [patch] vfs: make security_inode_setattr() calling consistent 2008-10-23 05:13:27 -04:00
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c binfmt_elf_fdpic: Update for cputime changes. 2008-10-20 20:17:18 -07:00
binfmt_elf.c Merge branch 'v28-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2008-10-20 13:19:56 -07:00
binfmt_em86.c Allow recursion in binfmt_script and binfmt_misc 2008-10-16 11:21:38 -07:00
binfmt_flat.c uclinux: fix gzip header parsing in binfmt_flat.c 2008-10-16 11:21:29 -07:00
binfmt_misc.c Allow recursion in binfmt_script and binfmt_misc 2008-10-16 11:21:38 -07:00
binfmt_script.c Allow recursion in binfmt_script and binfmt_misc 2008-10-16 11:21:38 -07:00
binfmt_som.c binfmt_som.c: add MODULE_LICENSE 2008-10-16 11:21:38 -07:00
bio-integrity.c block: Introduce integrity data ownership flag 2008-10-09 08:56:21 +02:00
bio.c block: mark bio_split_pool static 2008-10-09 08:57:05 +02:00
block_dev.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev 2008-10-23 10:23:07 -07:00
buffer.c fs: buffer lock use lock bitops 2008-10-20 08:52:32 -07:00
char_dev.c [PATCH] tidy up chrdev_open 2008-10-23 05:12:59 -04:00
compat_binfmt_elf.c
compat_ioctl.c
compat.c select: deal with math overflow from borderline valid userland data 2008-10-26 11:22:08 -07:00
dcache.c [PATCH] fs: add a sanity check in d_free 2008-10-23 05:17:12 -04:00
dcookies.c
direct-io.c Remove Andrew Morton's old email accounts 2008-10-16 11:21:32 -07:00
dnotify.c
dquot.c [PATCH] switch quota_on-related stuff to kern_path() 2008-10-23 05:12:44 -04:00
drop_caches.c
eventfd.c
eventpoll.c epoll: avoid double-inserts in case of EFAULT 2008-10-26 12:09:49 -07:00
exec.c coredump: format_corename: don't append .%pid if multi-threaded 2008-10-20 08:52:39 -07:00
fcntl.c
fifo.c [PATCH] introduce fmode_t, do annotations 2008-10-21 07:47:06 -04:00
file_table.c [PATCH] introduce fmode_t, do annotations 2008-10-21 07:47:06 -04:00
file.c
filesystems.c proc: move /proc/filesystems to fs/filesystems.c 2008-10-23 14:27:09 +04:00
fs-writeback.c Remove Andrew Morton's old email accounts 2008-10-16 11:21:32 -07:00
generic_acl.c
inode.c Inode: Allow external list initialisation 2008-10-30 17:35:24 +11:00
inotify_user.c inotify: fix lock ordering wrt do_page_fault's mmap_sem 2008-10-02 15:53:13 -07:00
inotify.c
internal.h
ioctl.c provide generic_block_fiemap() only with BLOCK=y 2008-10-12 11:44:37 -07:00
ioprio.c fix setpriority(PRIO_PGRP) thread iterator breakage 2008-08-20 15:40:32 -07:00
Kconfig [patch 1/3] FS_MBCACHE: don't needlessly make it built-in 2008-10-23 05:13:26 -04:00
Kconfig.binfmt add CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS 2008-10-20 08:52:39 -07:00
libfs.c [PATCH] new helper: d_obtain_alias 2008-10-23 05:13:00 -04:00
locks.c Merge branch 'proc' of git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/proc 2008-10-23 12:04:37 -07:00
Makefile Configure out AIO support 2008-10-16 11:21:51 -07:00
mbcache.c
mpage.c Remove Andrew Morton's old email accounts 2008-10-16 11:21:32 -07:00
namei.c [PATCH] move executable checking into ->permission() 2008-10-23 05:13:25 -04:00
namespace.c [RFC PATCH] touch_mnt_namespace when the mount flags change 2008-10-23 05:13:23 -04:00
nfsctl.c
no-block.c
open.c [PATCH] introduce fmode_t, do annotations 2008-10-21 07:47:06 -04:00
pipe.c
pnode.c
pnode.h
posix_acl.c
quota_v1.c
quota_v2.c
quota.c
read_write.c [PATCH] generic_file_llseek tidyups 2008-10-23 05:12:59 -04:00
read_write.h
readdir.c [PATCH] prepare vfs_readdir() callers to returning filldir result 2008-10-23 05:13:10 -04:00
select.c select: deal with math overflow from borderline valid userland data 2008-10-26 11:22:08 -07:00
seq_file.c seq_file: add seq_cpumask_list(), seq_nodemask_list() 2008-10-20 08:52:39 -07:00
signalfd.c
splice.c Don't allow splice() to files opened with O_APPEND 2008-10-09 14:26:38 -07:00
stack.c
stat.c
super.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev 2008-10-23 10:23:07 -07:00
sync.c
timerfd.c hrtimer: convert timerfd to the new hrtimer apis 2008-09-05 21:35:09 -07:00
utimes.c
xattr_acl.c
xattr.c