linux_old1/fs/xfs
Jann Horn 7f1b62457b xfs: fix type confusion in xfs_ioc_swapext
When calling fdget() in xfs_ioc_swapext(), we need to verify that
the file descriptors passed into the ioctl point to XFS inodes
before we start operations on them. If we don't do this, we could be
referencing arbitrary kernel memory as an XFS inode. THis could lead
to memory corruption and/or performing locking operations on
attacker-chosen structures in kernel memory.

[dchinner: rewrite commit message ]
[dchinner: add comment explaining new check ]

Signed-off-by: Jann Horn <jann@thejh.net>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
2016-07-20 10:30:30 +10:00
..
libxfs xfs: update for 4.7-rc1 2016-05-26 10:13:40 -07:00
Kconfig xfs: require 64-bit sector_t 2014-07-30 09:12:05 +10:00
Makefile nfsd: add SCSI layout support 2016-03-18 11:42:53 -04:00
kmem.c xfs: improve kmem_realloc 2016-04-06 09:47:01 +10:00
kmem.h xfs: improve kmem_realloc 2016-04-06 09:47:01 +10:00
mrlock.h
uuid.c
uuid.h
xfs.h
xfs_acl.c posix_acl: Inode acl caching fixes 2016-03-31 00:30:15 -04:00
xfs_acl.h xfs: Change how listxattr generates synthetic attributes 2015-12-06 21:34:16 -05:00
xfs_aops.c xfs: update for 4.7-rc1 2016-05-26 10:13:40 -07:00
xfs_aops.h xfs: optimize bio handling in the buffer writeback path 2016-04-06 08:34:30 +10:00
xfs_attr.h xfs: remove put_value from attr ->put_listent context 2016-04-06 07:57:45 +10:00
xfs_attr_inactive.c xfs: better xfs_trans_alloc interface 2016-04-06 09:19:55 +10:00
xfs_attr_list.c xfs: collapse cases in xfs_attr3_leaf_list_int 2016-04-06 07:57:47 +10:00
xfs_bmap_util.c DAX error handling for 4.7 2016-05-26 19:34:26 -07:00
xfs_bmap_util.h xfs: Add support FALLOC_FL_INSERT_RANGE for fallocate 2015-03-25 15:08:56 +11:00
xfs_buf.c xfs: buffer ->bi_end_io function requires irq-safe lock 2016-05-18 10:56:41 +10:00
xfs_buf.h xfs: add configuration of error failure speed 2016-05-18 11:08:15 +10:00
xfs_buf_item.c xfs: add "fail at unmount" error handling configuration 2016-05-18 11:11:27 +10:00
xfs_buf_item.h xfs: fix non-debug build warnings 2015-08-25 10:05:13 +10:00
xfs_dir2_readdir.c xfs: concurrent readdir hangs on data buffer locks 2016-05-18 13:20:21 -04:00
xfs_discard.c xfs: fix format specifier , should be %llx and not %llu 2016-03-02 09:57:04 +11:00
xfs_discard.h
xfs_dquot.c Merge branch 'xfs-4.7-misc-fixes' into for-next 2016-05-20 10:33:17 +10:00
xfs_dquot.h xfs: fix implicit bool to int conversion 2015-01-09 10:48:58 +11:00
xfs_dquot_item.c xfs: move most of xfs_sb.h to xfs_format.h 2014-11-28 14:27:09 +11:00
xfs_dquot_item.h
xfs_error.c xfs: print name of verifier if it fails 2016-01-04 16:10:19 +11:00
xfs_error.h xfs: remove inst_t 2015-06-22 09:44:02 +10:00
xfs_export.c Various bugfixes, a RDMA update from Chuck Lever, and support for a new 2016-03-24 19:50:32 -07:00
xfs_export.h
xfs_extent_busy.c xfs: merge xfs_ag.h into xfs_format.h 2014-11-28 14:25:04 +11:00
xfs_extent_busy.h
xfs_extfree_item.c xfs: add helper to conditionally remove items from the AIL 2015-08-19 10:01:08 +10:00
xfs_extfree_item.h xfs: fix efi/efd error handling to avoid fs shutdown hangs 2015-08-19 09:51:16 +10:00
xfs_file.c DAX error handling for 4.7 2016-05-26 19:34:26 -07:00
xfs_filestream.c xfs: mode di_mode to vfs inode 2016-02-09 16:54:58 +11:00
xfs_filestream.h xfs: add filestream allocator tracepoints 2014-04-23 07:11:52 +10:00
xfs_fsops.c Merge branch 'xfs-4.7-trans-type-cleanup' into for-next 2016-05-20 10:31:52 +10:00
xfs_fsops.h xfs: remove unused function definitions 2016-02-08 14:58:07 +11:00
xfs_globals.c xfs: export log_recovery_delay to delay mount time log recovery 2014-09-09 11:56:13 +10:00
xfs_icache.c xfs: move reclaim tagging functions 2016-05-18 14:20:08 +10:00
xfs_icache.h xfs: merge xfs_ag.h into xfs_format.h 2014-11-28 14:25:04 +11:00
xfs_icreate_item.c xfs: move most of xfs_sb.h to xfs_format.h 2014-11-28 14:27:09 +11:00
xfs_icreate_item.h
xfs_inode.c Merge branch 'xfs-4.7-inode-reclaim' into for-next 2016-05-20 10:34:00 +10:00
xfs_inode.h xfs: set up inode operation vectors later 2016-04-06 07:48:27 +10:00
xfs_inode_item.c Merge branch 'xfs-4.7-misc-fixes' into for-next 2016-05-20 10:33:17 +10:00
xfs_inode_item.h xfs: remove timestamps from incore inode 2016-02-09 16:54:58 +11:00
xfs_ioctl.c xfs: fix type confusion in xfs_ioc_swapext 2016-07-20 10:30:30 +10:00
xfs_ioctl.h
xfs_ioctl32.c xfs: prefix XATTR_LIST_MAX with XFS_ 2015-10-12 16:02:56 +11:00
xfs_ioctl32.h xfs: compat_xfs_bstat does not have forkoff 2014-10-02 09:17:58 +10:00
xfs_iomap.c xfs: better xfs_trans_alloc interface 2016-04-06 09:19:55 +10:00
xfs_iomap.h xfs: pass a 64-bit count argument to xfs_iomap_write_unwritten 2015-01-09 10:48:12 +11:00
xfs_iops.c Merge branch 'xfs-4.7-optimise-inline-symlinks' into for-next 2016-05-20 10:32:10 +10:00
xfs_iops.h xfs: inodes are new until the dentry cache is set up 2015-02-23 22:38:08 +11:00
xfs_itable.c xfs: mode di_mode to vfs inode 2016-02-09 16:54:58 +11:00
xfs_itable.h xfs: bulkstat chunk formatting cursor is broken 2014-11-07 08:30:30 +11:00
xfs_linux.h mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
xfs_log.c Merge branch 'xfs-4.7-misc-fixes' into for-next 2016-05-20 10:33:17 +10:00
xfs_log.h xfs: remove transaction types 2016-04-06 09:20:36 +10:00
xfs_log_cil.c xfs: remove transaction types 2016-04-06 09:20:36 +10:00
xfs_log_priv.h xfs: remove transaction types 2016-04-06 09:20:36 +10:00
xfs_log_recover.c Merge branch 'xfs-4.7-misc-fixes' into for-next 2016-05-20 10:33:17 +10:00
xfs_message.c xfs: more info from kmem deadlocks and high-level error msgs 2015-10-12 16:04:45 +11:00
xfs_message.h
xfs_mount.c xfs: update for 4.7-rc1 2016-05-26 10:13:40 -07:00
xfs_mount.h xfs: update for 4.7-rc1 2016-05-26 10:13:40 -07:00
xfs_mru_cache.c xfs: xfs_mru_cache_insert() should use GFP_NOFS 2015-03-25 14:57:53 +11:00
xfs_mru_cache.h xfs: embedd mru_elem into parent structure 2014-04-23 07:11:51 +10:00
xfs_ondisk.h xfs: check sizes of XFS on-disk structures at compile time 2016-03-09 08:15:14 +11:00
xfs_pnfs.c xfs: update for 4.7-rc1 2016-05-26 10:13:40 -07:00
xfs_pnfs.h nfsd: add SCSI layout support 2016-03-18 11:42:53 -04:00
xfs_qm.c xfs: better xfs_trans_alloc interface 2016-04-06 09:19:55 +10:00
xfs_qm.h xfs: Split default quota limits by quota type 2016-02-08 11:27:55 +11:00
xfs_qm_bhv.c xfs: move most of xfs_sb.h to xfs_format.h 2014-11-28 14:27:09 +11:00
xfs_qm_syscalls.c xfs: better xfs_trans_alloc interface 2016-04-06 09:19:55 +10:00
xfs_quota.h xfs: fix quota block reservation leak when tp allocates and frees blocks 2015-06-01 07:15:37 +10:00
xfs_quotaops.c xfs: wire up Q_XGETNEXTQUOTA / get_nextdqblk 2016-02-08 11:27:38 +11:00
xfs_rtalloc.c xfs: better xfs_trans_alloc interface 2016-04-06 09:19:55 +10:00
xfs_rtalloc.h xfs: combine xfs_rtmodify_summary and xfs_rtget_summary 2014-09-09 11:58:42 +10:00
xfs_stats.c xfs: stats are no longer dependent on CONFIG_PROC_FS 2015-10-19 08:42:46 +11:00
xfs_stats.h xfs: per-filesystem stats counter implementation 2015-10-12 18:21:22 +11:00
xfs_super.c DAX error handling for 4.7 2016-05-26 19:34:26 -07:00
xfs_super.h xfs: fix up inode32/64 (re)mount handling 2016-03-02 09:58:09 +11:00
xfs_symlink.c Merge branch 'xfs-4.7-optimise-inline-symlinks' into for-next 2016-05-20 10:32:10 +10:00
xfs_symlink.h
xfs_sysctl.c xfs: pass xfsstats structures to handlers and macros 2015-10-12 05:19:45 +11:00
xfs_sysctl.h xfs: export log_recovery_delay to delay mount time log recovery 2014-09-09 11:56:13 +10:00
xfs_sysfs.c xfs: add "fail at unmount" error handling configuration 2016-05-18 11:11:27 +10:00
xfs_sysfs.h xfs: configurable error behavior via sysfs 2016-05-18 10:58:51 +10:00
xfs_trace.c xfs: move most of xfs_sb.h to xfs_format.h 2014-11-28 14:27:09 +11:00
xfs_trace.h Merge branch 'xfs-4.7-error-cfg' into for-next 2016-05-20 10:33:38 +10:00
xfs_trans.c xfs: remove transaction types 2016-04-06 09:20:36 +10:00
xfs_trans.h xfs: better xfs_trans_alloc interface 2016-04-06 09:19:55 +10:00
xfs_trans_ail.c xfs: Make xfsaild freezeable again 2016-02-08 14:59:07 +11:00
xfs_trans_buf.c xfs: remove XBF_STALE flag wrapper macros 2016-02-10 15:01:11 +11:00
xfs_trans_dquot.c xfs: Split default quota limits by quota type 2016-02-08 11:27:55 +11:00
xfs_trans_extfree.c xfs: ensure EFD trans aborts on log recovery extent free failure 2015-08-19 09:51:43 +10:00
xfs_trans_inode.c xfs: move di_changecount to VFS inode 2016-02-09 16:54:58 +11:00
xfs_trans_priv.h xfs: add helper to conditionally remove items from the AIL 2015-08-19 10:01:08 +10:00
xfs_xattr.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-05-27 17:14:05 -07:00