mirror of https://github.com/torvalds/linux.git
a64e4d48a0
afs_dynroot_readdir() uses the RCU read lock to walk the cell list whilst
emitting cell automount entries - but dir_emit() may write to a userspace
buffer, thereby causing a fault to occur and waits to happen.
Fix afs_dynroot_readdir() to get a shared lock on net->cells_lock instead.
This can be triggered by enabling lockdep, preconfiguring a number of
cells, doing "mount -t afs none /afs -o dyn" (or using the kafs-client
package with afs.mount systemd unit enabled) and then doing "ls /afs".
Fixes:
|
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| addr_list.c | ||
| addr_prefs.c | ||
| afs.h | ||
| afs_cm.h | ||
| afs_fs.h | ||
| afs_vl.h | ||
| callback.c | ||
| cell.c | ||
| cmservice.c | ||
| dir.c | ||
| dir_edit.c | ||
| dir_search.c | ||
| dir_silly.c | ||
| dynroot.c | ||
| file.c | ||
| flock.c | ||
| fs_operation.c | ||
| fs_probe.c | ||
| fsclient.c | ||
| inode.c | ||
| internal.h | ||
| main.c | ||
| misc.c | ||
| mntpt.c | ||
| proc.c | ||
| protocol_afs.h | ||
| protocol_uae.h | ||
| protocol_yfs.h | ||
| rotate.c | ||
| rxrpc.c | ||
| security.c | ||
| server.c | ||
| server_list.c | ||
| super.c | ||
| validation.c | ||
| vl_alias.c | ||
| vl_list.c | ||
| vl_probe.c | ||
| vl_rotate.c | ||
| vlclient.c | ||
| volume.c | ||
| write.c | ||
| xattr.c | ||
| xdr_fs.h | ||
| yfsclient.c | ||