diff options
author | Al Viro <viro@ZenIV.linux.org.uk> | 2012-11-18 19:19:00 +0000 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-11-18 09:30:00 -1000 |
commit | 3587b1b097d70c2eb9fee95ea7995d13c05f66e5 (patch) | |
tree | 71f29d988cb6a1ac7f1c258dc003a9d252ea72f6 /CREDITS | |
parent | 8d938105e432fe0e9f5163147e9c113190bd9d32 (diff) | |
download | linux-3587b1b097d70c2eb9fee95ea7995d13c05f66e5.tar.bz2 |
fanotify: fix FAN_Q_OVERFLOW case of fanotify_read()
If the FAN_Q_OVERFLOW bit set in event->mask, the fanotify event
metadata will not contain a valid file descriptor, but
copy_event_to_user() didn't check for that, and unconditionally does a
fd_install() on the file descriptor.
Which in turn will cause a BUG_ON() in __fd_install().
Introduced by commit 352e3b249284 ("fanotify: sanitize failure exits in
copy_event_to_user()")
Mea culpa - missed that path ;-/
Reported-by: Alex Shi <lkml.alex@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'CREDITS')
0 files changed, 0 insertions, 0 deletions