* [PATCH AUTOSEL 5.8 17/27] ceph: fix use-after-free for fsc->mdsc
[not found] <20200820000116.214821-1-sashal@kernel.org>
@ 2020-08-20 0:01 ` Sasha Levin
0 siblings, 0 replies; only message in thread
From: Sasha Levin @ 2020-08-20 0:01 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Xiubo Li, syzbot+b57f46d8d6ea51960b8c, Jeff Layton, Ilya Dryomov,
Sasha Levin, ceph-devel
From: Xiubo Li <xiubli@redhat.com>
[ Upstream commit a7caa88f8b72c136f9a401f498471b8a8e35370d ]
If the ceph_mdsc_init() fails, it will free the mdsc already.
Reported-by: syzbot+b57f46d8d6ea51960b8c@syzkaller.appspotmail.com
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ceph/mds_client.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index a50497142e598..cea7bf78c151c 100644
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -4359,7 +4359,6 @@ int ceph_mdsc_init(struct ceph_fs_client *fsc)
goto err_mdsc;
}
- fsc->mdsc = mdsc;
init_completion(&mdsc->safe_umount_waiters);
init_waitqueue_head(&mdsc->session_close_wq);
INIT_LIST_HEAD(&mdsc->waiting_for_map);
@@ -4414,6 +4413,8 @@ int ceph_mdsc_init(struct ceph_fs_client *fsc)
strscpy(mdsc->nodename, utsname()->nodename,
sizeof(mdsc->nodename));
+
+ fsc->mdsc = mdsc;
return 0;
err_mdsmap:
--
2.25.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2020-08-20 0:13 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20200820000116.214821-1-sashal@kernel.org>
2020-08-20 0:01 ` [PATCH AUTOSEL 5.8 17/27] ceph: fix use-after-free for fsc->mdsc Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).