Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/fs/afs
History
David Howells 4cb6829647 afs: Fix memory leak when mounting with multiple source parameters 
There's a memory leak in afs_parse_source() whereby multiple source=
parameters overwrite fc->source in the fs_context struct without freeing
the previously recorded source.

Fix this by only permitting a single source parameter and rejecting with
an error all subsequent ones.

This was caught by syzbot with the kernel memory leak detector, showing
something like the following trace:

  unreferenced object 0xffff888114375440 (size 32):
    comm "repro", pid 5168, jiffies 4294923723 (age 569.948s)
    backtrace:
      slab_post_alloc_hook+0x42/0x79
      __kmalloc_track_caller+0x125/0x16a
      kmemdup_nul+0x24/0x3c
      vfs_parse_fs_string+0x5a/0xa1
      generic_parse_monolithic+0x9d/0xc5
      do_new_mount+0x10d/0x15a
      do_mount+0x5f/0x8e
      __do_sys_mount+0xff/0x127
      do_syscall_64+0x2d/0x3a
      entry_SYSCALL_64_after_hwframe+0x44/0xa9

Fixes: 13fcc68370 ("afs: Add fs_context support")
Reported-by: syzbot+86dc6632faaca40133ab@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 		2020-12-08 15:59:25 -08:00
..
Kconfig
Makefile
addr_list.c
afs.h
afs_cm.h
afs_fs.h
afs_vl.h
cache.c
callback.c
cell.c afs: Fix tracing deref-before-check 2020-10-27 22:05:56 +00:00
cmservice.c
dir.c afs: Fix speculative status fetch going out of order wrt to modifications 2020-11-22 11:27:03 -08:00
dir_edit.c afs: Fix to take ref on page when PG_private is set 2020-10-29 13:53:04 +00:00
dir_silly.c
dynroot.c afs: Add tracing for cell refcount and active user count 2020-10-16 14:39:21 +01:00
file.c afs: Fix afs_invalidatepage to adjust the dirty region 2020-10-29 13:53:04 +00:00
flock.c
fs_operation.c
fs_probe.c
fsclient.c
inode.c afs: Fix speculative status fetch going out of order wrt to modifications 2020-11-22 11:27:03 -08:00
internal.h afs: Fix speculative status fetch going out of order wrt to modifications 2020-11-22 11:27:03 -08:00
main.c afs: Fix rapid cell addition/removal by not using RCU on cells tree 2020-10-16 14:04:59 +01:00
misc.c
mntpt.c afs: Add tracing for cell refcount and active user count 2020-10-16 14:39:21 +01:00
proc.c afs: Add tracing for cell refcount and active user count 2020-10-16 14:39:21 +01:00
protocol_uae.h
protocol_yfs.h
rotate.c
rxrpc.c
security.c
server.c afs: Don't assert on unpurgeable server records 2020-10-16 14:39:34 +01:00
server_list.c
super.c afs: Fix memory leak when mounting with multiple source parameters 2020-12-08 15:59:25 -08:00
vl_alias.c afs: Add tracing for cell refcount and active user count 2020-10-16 14:39:21 +01:00
vl_list.c
vl_probe.c
vl_rotate.c afs: Add tracing for cell refcount and active user count 2020-10-16 14:39:21 +01:00
vlclient.c
volume.c afs: Add tracing for cell refcount and active user count 2020-10-16 14:39:21 +01:00
write.c afs: Fix afs_write_end() when called with copied == 0 [ver #3] 2020-11-14 11:51:18 -08:00
xattr.c afs: Fix incorrect freeing of the ACL passed to the YFS ACL store op 2020-11-03 09:53:40 -08:00
xdr_fs.h
yfsclient.c afs: Fix warning due to unadvanced marshalling pointer 2020-11-03 09:53:40 -08:00