android_kernel_xiaomi_sm8450/fs
Miklos Szeredi 24d464d38b BACKPORT: fuse: fix pipe buffer lifetime for direct_io
commit 0c4bcfdecb1ac0967619ee7ff44871d93c08c909 upstream.

In FOPEN_DIRECT_IO mode, fuse_file_write_iter() calls
fuse_direct_write_iter(), which normally calls fuse_direct_io(), which then
imports the write buffer with fuse_get_user_pages(), which uses
iov_iter_get_pages() to grab references to userspace pages instead of
actually copying memory.

On the filesystem device side, these pages can then either be read to
userspace (via fuse_dev_read()), or splice()d over into a pipe using
fuse_dev_splice_read() as pipe buffers with &nosteal_pipe_buf_ops.

This is wrong because after fuse_dev_do_read() unlocks the FUSE request,
the userspace filesystem can mark the request as completed, causing write()
to return. At that point, the userspace filesystem should no longer have
access to the pipe buffer.

Fix by copying pages coming from the user address space to new pipe
buffers.

Bug: 226679409
Reported-by: Jann Horn <jannh@google.com>
Fixes: c3021629a0 ("fuse: support splice() reading from fuse device")
Cc: <stable@vger.kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I57a98e96e36bb97ce3e7b1ebf88917c6c8b0247d
2022-04-28 11:33:22 +00:00
9p This is the 5.10.93 stable release 2022-01-20 09:34:45 +01:00
adfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
affs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
afs Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
autofs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
befs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
bfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
btrfs This is the 5.10.99 stable release 2022-02-09 12:14:04 +01:00
cachefiles ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
ceph This is the 5.10.96 stable release 2022-02-07 11:17:58 +01:00
cifs Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
coda ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
configfs This is the 5.10.96 stable release 2022-02-07 11:17:58 +01:00
cramfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
crypto ANDROID: GKI: set more vfs-only exports into their own namespace 2022-04-07 20:52:29 +02:00
debugfs debugfs: lockdown: Allow reading debugfs files that are not world readable 2022-01-27 10:54:02 +01:00
devpts fsnotify: fix fsnotify hooks in pseudo filesystems 2022-02-01 17:25:39 +01:00
dlm fs: dlm: filter user dlm messages for kernel locks 2022-01-27 10:54:10 +01:00
ecryptfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
efivarfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
efs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
erofs Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
exfat Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
exportfs
ext2 Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
ext4 BACKPORT: ext4: don't BUG if someone dirty pages without asking ext4 first 2022-04-21 07:53:59 +00:00
f2fs Merge tag 'android12-5.10.101_r00' into android12-5.10 2022-03-21 14:29:02 +01:00
fat ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
freevxfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
fscache ANDROID: GKI: set more vfs-only exports into their own namespace 2022-04-07 20:52:29 +02:00
fuse BACKPORT: fuse: fix pipe buffer lifetime for direct_io 2022-04-28 11:33:22 +00:00
gfs2 Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
hfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
hfsplus ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
hostfs hostfs: fix memory handling in follow_link() 2021-04-14 08:42:06 +02:00
hpfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
hugetlbfs hugetlbfs: fix mount mode command line processing 2021-07-28 14:35:46 +02:00
incfs ANDROID: incremental-fs: limit mount stack depth 2022-04-06 17:24:59 +00:00
iomap Revert "treewide: Change list_sort to use const pointers" 2021-10-04 11:07:40 +02:00
isofs Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
jbd2 ANDROID: GKI: set more vfs-only exports into their own namespace 2022-04-07 20:52:29 +02:00
jffs2 This is the 5.10.94 stable release 2022-01-27 11:49:22 +01:00
jfs Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
kernfs kernfs: wire up ->splice_read and ->splice_write 2021-01-27 11:55:29 +01:00
lockd lockd: lockd server-side shouldn't set fl_ops 2021-09-18 13:40:30 +02:00
minix ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
nfs This is the 5.10.101 stable release 2022-02-16 15:16:06 +01:00
nfs_common nfs_common: need lock during iterate through the list 2020-12-30 11:53:45 +01:00
nfsd This is the 5.10.101 stable release 2022-02-16 15:16:06 +01:00
nilfs2 Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
nls ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
notify This is the 5.10.97 stable release 2022-02-08 10:08:24 +01:00
ntfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
ocfs2 This is the 5.10.96 stable release 2022-02-07 11:17:58 +01:00
omfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
openpromfs
orangefs Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
overlayfs Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
proc This is the 5.10.83 stable release 2021-12-03 15:52:39 +01:00
pstore Merge branch 'android12-5.10' into android12-5.10-lts 2021-07-22 13:32:27 +02:00
qnx4 Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
qnx6 ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
quota quota: correct error number in free_dqentry() 2021-11-18 14:03:51 +01:00
ramfs
reiserfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
romfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
squashfs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
sysfs
sysv ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
tracefs Revert "UPSTREAM: tracefs: Have tracefs directories not set OTH permission bits by default" 2022-02-08 12:46:41 -08:00
ubifs This is the 5.10.94 stable release 2022-01-27 11:49:22 +01:00
udf This is the 5.10.96 stable release 2022-02-07 11:17:58 +01:00
ufs ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
unicode
vboxsf Merge tag 'android12-5.10.81_r00' into android12-5.10 2022-01-21 09:35:04 +01:00
verity ANDROID: GKI: set more vfs-only exports into their own namespace 2022-04-07 20:52:29 +02:00
xfs Merge branch 'android12-5.10' into android12-5.10-lts 2022-01-17 18:47:02 +01:00
zonefs Merge branch 'android12-5.10' into android12-5.10-lts 2022-01-17 18:47:02 +01:00
aio.c UPSTREAM: aio: fix use-after-free due to missing POLLFREE handling 2021-12-14 13:54:22 +01:00
anon_inodes.c UPSTREAM: fs: anon_inodes: rephrase to appropriate kernel-doc 2021-03-03 16:18:33 +00:00
attr.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
bad_inode.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings 2021-10-06 15:55:59 +02:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
binfmt_script.c
block_dev.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
buffer.c ANDROID: GKI: remove vfs-only namespace from 2 symbols 2022-03-08 07:19:02 +00:00
char_dev.c
compat_binfmt_elf.c
coredump.c This is the 5.10.69 stable release 2021-09-30 18:36:17 +02:00
d_path.c
dax.c dax: fix ENOMEM handling in grab_mapping_entry() 2021-07-14 16:56:13 +02:00
dcache.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
dcookies.c
direct-io.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
drop_caches.c
eventfd.c
eventpoll.c Merge 5.10.36 into android12-5.10 2021-05-13 14:22:11 +02:00
exec.c Revert "ANDROID: vendor_hooks: Add a hook for task tagging" 2022-01-21 13:11:10 +01:00
fcntl.c fcntl: fix potential deadlock for &fasync_struct.fa_lock 2021-09-15 09:50:27 +02:00
fhandle.c
file_table.c
file.c UPSTREAM: fget: check that the fd still exists after getting a ref to it 2022-03-01 16:51:28 +00:00
filesystems.c
fs_context.c memcg: charge fs_context and legacy_fs_context 2022-02-08 18:30:36 +01:00
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c ANDROID: GKI: set more vfs-only exports into their own namespace 2022-04-07 20:52:29 +02:00
fs-writeback.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
fsopen.c
init.c
inode.c Merge branch 'android12-5.10' into android12-5.10-lts 2022-01-17 18:47:02 +01:00
internal.h cgroup1: fix leaked context root causing sporadic NULL deref in LTP 2021-07-31 08:16:11 +02:00
io_uring.c UPSTREAM: io_uring: return back safer resurrect 2022-03-23 16:16:56 +00:00
io-wq.c io-wq: fix wakeup race when adding new work 2021-09-18 13:40:06 +02:00
io-wq.h io_uring: always batch cancel in *cancel_files() 2021-02-13 13:54:56 +01:00
ioctl.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
Kconfig Merge 5.10.17 into android12-5.10 2021-02-18 11:21:01 +01:00
Kconfig.binfmt
kernel_read_file.c vfs: check fd has read access in kernel_read_file_from_fd() 2021-10-27 09:56:51 +02:00
libfs.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
locks.c Revert "nfsd4: a client's own opens needn't prevent delegations" 2021-03-20 10:43:44 +01:00
Makefile ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
mbcache.c
mount.h
mpage.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
namei.c Merge tag 'android12-5.10.101_r00' into android12-5.10 2022-03-21 14:29:02 +01:00
namespace.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
no-block.c
nsfs.c
open.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
pipe.c Revert "pipe: avoid unnecessary EPOLLET wakeups under normal loads" 2021-09-06 14:28:23 +02:00
pnode.c
pnode.h mount: fix mounting of detached mounts onto targets that reside on shared mounts 2021-03-17 17:06:13 +01:00
posix_acl.c
proc_namespace.c proc mountinfo: make splice available again 2020-12-30 11:54:02 +01:00
read_write.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
readdir.c readdir: make sure to verify directory entry for legacy interfaces too 2021-04-21 13:00:54 +02:00
remap_range.c
select.c select: Fix indefinitely sleeping task in poll_schedule_timeout() 2022-01-29 10:26:11 +01:00
seq_file.c seq_file: disallow extremely large seq buffer allocations 2021-07-20 16:05:59 +02:00
signalfd.c UPSTREAM: signalfd: use wake_up_pollfree() 2021-12-14 13:54:22 +01:00
splice.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
stack.c
stat.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
statfs.c
super.c This is the 5.10.93 stable release 2022-01-20 09:34:45 +01:00
sync.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00
timerfd.c ANDROID: fs: Add vendor hooks for ep_create_wakeup_source & timerfd_create 2021-03-24 17:57:22 +00:00
userfaultfd.c Merge branch 'android12-5.10' into android12-5.10-lts 2021-11-04 17:26:58 +01:00
utimes.c
xattr.c ANDROID: GKI: set vfs-only exports into their own namespace 2022-01-11 09:30:47 +01:00