This is a note to let you know that I've just added the patch titled fuse: readdirplus: sanity checks to the 3.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fuse-readdirplus-sanity-checks.patch and it can be found in the queue-3.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From a28ef45cbb1e7fadd5159deb17b02de15c6e4aaf Mon Sep 17 00:00:00 2001 From: Miklos Szeredi <mszeredi@xxxxxxx> Date: Wed, 17 Jul 2013 14:53:53 +0200 Subject: fuse: readdirplus: sanity checks From: Miklos Szeredi <mszeredi@xxxxxxx> commit a28ef45cbb1e7fadd5159deb17b02de15c6e4aaf upstream. Add sanity checks before adding or updating an entry with data received from readdirplus. Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/fuse/dir.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1225,6 +1225,12 @@ static int fuse_direntplus_link(struct f if (name.name[1] == '.' && name.len == 2) return 0; } + + if (invalid_nodeid(o->nodeid)) + return -EIO; + if (!fuse_valid_type(o->attr.mode)) + return -EIO; + fc = get_fuse_conn(dir); name.hash = full_name_hash(name.name, name.len); @@ -1233,10 +1239,14 @@ static int fuse_direntplus_link(struct f inode = dentry->d_inode; if (!inode) { d_drop(dentry); - } else if (get_node_id(inode) != o->nodeid) { + } else if (get_node_id(inode) != o->nodeid || + ((o->attr.mode ^ inode->i_mode) & S_IFMT)) { err = d_invalidate(dentry); if (err) goto out; + } else if (is_bad_inode(inode)) { + err = -EIO; + goto out; } else { struct fuse_inode *fi; fi = get_fuse_inode(inode); Patches currently in stable-queue which might be from mszeredi@xxxxxxx are queue-3.10/fuse-readdirplus-sanity-checks.patch queue-3.10/fuse-readdirplus-fix-dentry-leak.patch queue-3.10/fuse-readdirplus-fix-instantiate.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html