diff options
author | Jan Kara <jack@suse.cz> | 2014-02-21 19:14:11 +0100 |
---|---|---|
committer | Jan Kara <jack@suse.cz> | 2014-02-25 11:18:06 +0100 |
commit | ff57cd5863cf3014c1c5ed62ce2715294f065b17 (patch) | |
tree | c9bc7bd04326afc92d85a476d28453218c40e14e /fs/notify/inotify/inotify_user.c | |
parent | 482ef06c5e946aae360f247dc69471ec031e09d2 (diff) | |
download | linux-ff57cd5863cf3014c1c5ed62ce2715294f065b17.tar.bz2 |
fsnotify: Allocate overflow events with proper type
Commit 7053aee26a35 "fsnotify: do not share events between notification
groups" used overflow event statically allocated in a group with the
size of the generic notification event. This causes problems because
some code looks at type specific parts of event structure and gets
confused by a random data it sees there and causes crashes.
Fix the problem by allocating overflow event with type corresponding to
the group type so code cannot get confused.
Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/notify/inotify/inotify_user.c')
-rw-r--r-- | fs/notify/inotify/inotify_user.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c index 6528b5a54ca0..78a2ca3966c3 100644 --- a/fs/notify/inotify/inotify_user.c +++ b/fs/notify/inotify/inotify_user.c @@ -633,11 +633,23 @@ static int inotify_update_watch(struct fsnotify_group *group, struct inode *inod static struct fsnotify_group *inotify_new_group(unsigned int max_events) { struct fsnotify_group *group; + struct inotify_event_info *oevent; group = fsnotify_alloc_group(&inotify_fsnotify_ops); if (IS_ERR(group)) return group; + oevent = kmalloc(sizeof(struct inotify_event_info), GFP_KERNEL); + if (unlikely(!oevent)) { + fsnotify_destroy_group(group); + return ERR_PTR(-ENOMEM); + } + group->overflow_event = &oevent->fse; + fsnotify_init_event(group->overflow_event, NULL, FS_Q_OVERFLOW); + oevent->wd = -1; + oevent->sync_cookie = 0; + oevent->name_len = 0; + group->max_events = max_events; spin_lock_init(&group->inotify_data.idr_lock); |