Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2018-10-12 12:17:18 +0200
committerTakashi Iwai <tiwai@suse.de>2018-10-12 12:17:18 +0200
commit1a15e26806eefeea5e43af5ee4fc70d74e75ca55 (patch)
tree0df976199bc80ddb5bd9a16f845f661edf90a777
parentbda2dcccbcbf437494cbd5946159f3e7ab792e3f (diff)
rpc_pipefs: fix double-dput() (bsc#1051510).
-rw-r--r--patches.fixes/rpc_pipefs-fix-double-dput.patch35
-rw-r--r--series.conf1
2 files changed, 36 insertions, 0 deletions
diff --git a/patches.fixes/rpc_pipefs-fix-double-dput.patch b/patches.fixes/rpc_pipefs-fix-double-dput.patch
new file mode 100644
index 0000000000..68a2421bdb
--- /dev/null
+++ b/patches.fixes/rpc_pipefs-fix-double-dput.patch
@@ -0,0 +1,35 @@
+From 4a3877c4cedd95543f8726b0a98743ed8db0c0fb Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Tue, 3 Apr 2018 01:15:46 -0400
+Subject: [PATCH] rpc_pipefs: fix double-dput()
+Git-commit: 4a3877c4cedd95543f8726b0a98743ed8db0c0fb
+Patch-mainline: v4.17-rc2
+References: bsc#1051510
+
+if we ever hit rpc_gssd_dummy_depopulate() dentry passed to
+it has refcount equal to 1. __rpc_rmpipe() drops it and
+dput() done after that hits an already freed dentry.
+
+Cc: stable@kernel.org
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ net/sunrpc/rpc_pipe.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
+index 0f08934b2cea..c81ef5e6c981 100644
+--- a/net/sunrpc/rpc_pipe.c
++++ b/net/sunrpc/rpc_pipe.c
+@@ -1375,6 +1375,7 @@ rpc_gssd_dummy_depopulate(struct dentry *pipe_dentry)
+ struct dentry *clnt_dir = pipe_dentry->d_parent;
+ struct dentry *gssd_dir = clnt_dir->d_parent;
+
++ dget(pipe_dentry);
+ __rpc_rmpipe(d_inode(clnt_dir), pipe_dentry);
+ __rpc_depopulate(clnt_dir, gssd_dummy_info_file, 0, 1);
+ __rpc_depopulate(gssd_dir, gssd_dummy_clnt_dir, 0, 1);
+--
+2.19.0
+
diff --git a/series.conf b/series.conf
index a7c2bd17b0..a2aff260be 100644
--- a/series.conf
+++ b/series.conf
@@ -15100,6 +15100,7 @@
patches.fixes/udf-Fix-leak-of-UTF-16-surrogates-into-encoded-strin.patch
patches.fixes/eCryptfs-don-t-pass-up-plaintext-names-when-using-fi.patch
patches.fixes/jffs2_kill_sb-deal-with-failed-allocations.patch
+ patches.fixes/rpc_pipefs-fix-double-dput.patch
patches.drivers/ibmvnic-Define-vnic_login_client_data-name-field-as-.patch
patches.suse/tcp-md5-reject-TCP_MD5SIG-or-TCP_MD5SIG_EXT-on-estab.patch
patches.suse/net-validate-attribute-sizes-in-neigh_dump_table.patch