Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/fs
History
Piotr Krysiuk b318271a8b fs/namespace.c: fix mountpoint reference counter race 
A race condition between threads updating mountpoint reference counter
affects longterm releases 4.4.220, 4.9.220, 4.14.177 and 4.19.118.

The mountpoint reference counter corruption may occur when:
* one thread increments m_count member of struct mountpoint
  [under namespace_sem, but not holding mount_lock]
    pivot_root()
* another thread simultaneously decrements the same m_count
  [under mount_lock, but not holding namespace_sem]
    put_mountpoint()
      unhash_mnt()
        umount_mnt()
          mntput_no_expire()

To fix this race condition, grab mount_lock before updating m_count in
pivot_root().

Reference: CVE-2020-12114
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Piotr Krysiuk <piotras@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I2b2cfdbf6529c9d72d54738db6169dd421eb1f51
 		2020-06-06 20:31:53 +02:00
..
9p
adfs
affs
afs
autofs4
befs
bfs
btrfs
cachefiles
ceph
cifs
coda convert coda 2019-07-27 22:09:20 +02:00
configfs
cramfs
crypto
debugfs treewide: Fix typo in Documentation/DocBook 2019-07-27 22:10:20 +02:00
devpts
dlm
ecryptfs
efivarfs
efs
exfat
exofs
exportfs
ext2
ext3
ext4 ext4: work around deleting a file with i_nlink == 0 safely 2020-02-12 22:53:24 +01:00
f2fs f2fs: move dir data flush to write checkpoint process 2019-07-27 22:06:03 +02:00
fat fat: fix memory allocation failure handling of match_strdup() 2019-11-08 22:43:50 +01:00
freevxfs
fscache
fuse fuse: handle zero sized retrieve correctly 2019-07-27 22:06:05 +02:00
gfs2
hfs
hfsplus
hostfs
hpfs
hppfs
hugetlbfs
isofs
jbd
jbd2 jbd2: clear dirty flag when revoking a buffer from an older transaction 2019-07-27 22:11:21 +02:00
jffs2
jfs
lockd
logfs
minix
ncpfs
nfs
nfs_common
nfsd
nilfs2
nls
notify
ntfs
ocfs2
omfs
openpromfs
proc fs/proc/proc_sysctl.c: Fix a NULL pointer dereference 2019-07-27 22:10:40 +02:00
pstore pstore/ram: Do not treat empty buffers as valid 2019-07-27 21:53:37 +02:00
qnx4
qnx6
quota
ramfs
reiserfs
romfs
sdcardfs ANDROID: sdcardfs: Wait for file flush to complete 2019-07-27 22:11:27 +02:00
sdfat sdfat: Capitalize config options 2019-07-27 22:08:28 +02:00
squashfs
sysfs
sysv
ubifs
udf
ufs
xfs
yaffs2
Kconfig
Kconfig.binfmt
Makefile
aio.c
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf.c binfmt_elf: Fix missing SIGKILL for empty PIE 2019-07-27 22:10:24 +02:00
binfmt_elf_fdpic.c
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c
bio.c block: do not leak memory in bio_copy_user_iov() 2019-07-27 22:10:06 +02:00
block_dev.c
buffer.c treewide: Fix typo in Documentation/DocBook 2019-07-27 22:10:20 +02:00
char_dev.c
compat.c
compat_binfmt_elf.c
compat_ioctl.c
coredump.c
coredump.h
dcache.c dentry name snapshots 2019-08-04 19:44:39 +02:00
dcookies.c
direct-io.c
drop_caches.c
eventfd.c
eventpoll.c fs/epoll: drop ovflist branch prediction 2019-07-27 22:06:04 +02:00
exec.c fs/exec.c:de_thread(): use change_pid() rather than detach_pid/attach_pid 2019-07-27 22:10:32 +02:00
fcntl.c
fhandle.c
file.c
file_table.c
filesystems.c
fs-writeback.c
fs_struct.c
generic_acl.c
inode.c vfs: lock_two_nondirectories: allow directory args 2019-07-27 22:11:22 +02:00
internal.h allow build_open_flags() to return an error 2019-07-27 22:08:22 +02:00
ioctl.c
ioprio.c
libfs.c
locks.c locks: fix locks_mandatory_locked to respect file-private locks 2019-07-27 22:08:10 +02:00
mbcache.c
mount.h
mpage.c
namei.c allow build_open_flags() to return an error 2019-07-27 22:08:22 +02:00
namespace.c fs/namespace.c: fix mountpoint reference counter race 2020-06-06 20:31:53 +02:00
no-block.c
open.c allow build_open_flags() to return an error 2019-07-27 22:08:22 +02:00
pipe.c splice: don't merge into linked buffers 2019-07-27 22:11:20 +02:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c
readdir.c
select.c
seq_file.c Make file credentials available to the seqfile interfaces 2019-07-27 22:05:58 +02:00
signalfd.c
splice.c splice: don't merge into linked buffers 2019-07-27 22:11:20 +02:00
stack.c
stat.c
statfs.c
super.c
sync.c
timerfd.c
utimes.c
xattr.c
xattr_acl.c