fuse: fix readdir cache race - linux-dev - Linux kernel development work - see feature branches

about summary refs log tree commit diff stats

path: root/include/uapi/linux/taskstats.h

diff options

author	Miklos Szeredi <mszeredi@redhat.com>	2022-10-20 17:18:58 +0200
committer	Miklos Szeredi <mszeredi@redhat.com>	2022-10-20 17:18:58 +0200
commit	9fa248c65bdbf5af0a2f74dd38575acfc8dfd2bf (patch)
tree	4fc373a67c8d59509c4db530a86da7c0252f1267 /include/uapi/linux/taskstats.h
parent	Linux 6.1-rc1 (diff)

fuse: fix readdir cache race

There's a race in fuse's readdir cache that can result in an uninitilized page being read. The page lock is supposed to prevent this from happening but in the following case it doesn't: Two fuse_add_dirent_to_cache() start out and get the same parameters (size=0,offset=0). One of them wins the race to create and lock the page, after which it fills in data, sets rdc.size and unlocks the page. In the meantime the page gets evicted from the cache before the other instance gets to run. That one also creates the page, but finds the size to be mismatched, bails out and leaves the uninitialized page in the cache. Fix by marking a filled page uptodate and ignoring non-uptodate pages. Reported-by: Frank Sorenson <fsorenso@redhat.com> Fixes: 5d7bc7e8680c ("fuse: allow using readdir cache") Cc: <stable@vger.kernel.org> # v4.20 Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

Diffstat (limited to 'include/uapi/linux/taskstats.h')

0 files changed, 0 insertions, 0 deletions

onhover' src='https://seccdn.libravatar.org/avatar/8733d9771c99e25ab0e77efa81a9dceb?s=128&d=retro' />Kirill A. Shutemov1-1/+1 2015-11-05mm/mincore: use offset_in_page macro

Alexander Kuleshov1-1/+1 2015-02-11mincore: apply page table walker on do_mincore()

Naoya Horiguchi1-106/+60 2015-02-10mm: remove rest usage of VM_NONLINEAR and pte_file()

Kirill A. Shutemov1-7/+2 2014-12-13mm: mincore: add hwpoison page handle

Weijie Yang1-2/+5 2014-04-03mm + fs: prepare for non-page entries in page cache radix trees

Johannes Weiner1-6/+14 2014-01-23mm: do_mincore() cleanup

Jianguo Wu1-7/+0 2013-02-23swap: make each swap partition have one address_space

Shaohua Li1-2/+3 2012-03-21mm: thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode

Andrea Arcangeli1-1/+1 2011-08-03mm: clarify the radix_tree exceptional cases

Hugh Dickins1-0/+1 2011-08-03mm: a few small updates for radix-swap

Hugh Dickins1-4/+6 2011-01-13thp: mincore transparent hugepage support

Johannes Weiner1-1/+7 2011-01-13thp: split_huge_page_mm/vma

Andrea Arcangeli1-0/+1 2010-05-25mincore: do nested page table walks

Johannes Weiner1-17/+58 2010-05-25mincore: pass ranges as start,end address pairs

Johannes Weiner1-30/+27 2010-05-25mincore: break do_mincore() into logical pieces

Johannes Weiner1-74/+97 2010-05-25mincore: cleanups

Johannes Weiner1-49/+27 2010-03-30include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h

Tejun Heo1-1/+1 2009-12-15mm: hugetlb: fix hugepage memory leak in mincore()

Naoya Horiguchi1-0/+37 2009-01-14[CVE-2009-0029] System call wrappers part 14

Heiko Carstens1-2/+2 2008-04-28mm: remove nopage

Nick Piggin1-1/+1 2007-02-15[PATCH] mincore: vma crossing fix

Nick Piggin1-2/+10 2007-02-15[PATCH] mincore: fill in results properly

Nick Piggin1-0/+5 2007-02-15[PATCH] mincore: CONFIG_SWAP=n fix

Nick Piggin1-0/+5 2007-02-12[PATCH] mm: mincore anon

Nick Piggin1-26/+76 2006-12-17[PATCH] sys_mincore: s/max/min/

Oleg Nesterov1-1/+1 2006-12-16Fix up mm/mincore.c error value cases

Linus Torvalds1-19/+10 2006-12-16Fix incorrect user space access locking in mincore()

Linus Torvalds1-101/+83