diff options
| author | Miklos Szeredi <mszeredi@redhat.com> | 2021-04-14 11:40:58 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-05-19 11:08:22 +0300 |
| commit | d61f2d938135bedf859db6fb4ed07e0ff962eb0b (patch) | |
| tree | ffde71a18d034f51622a2295393e6bb5d107b67b | |
| parent | 7dac356a65db383ef23b987e4b9e34872ba76292 (diff) | |
| download | linux-d61f2d938135bedf859db6fb4ed07e0ff962eb0b.tar.xz | |
cuse: prevent clone
[ Upstream commit 8217673d07256b22881127bf50dce874d0e51653 ]
For cloned connections cuse_channel_release() will be called more than
once, resulting in use after free.
Prevent device cloning for CUSE, which does not make sense at this point,
and highly unlikely to be used in real life.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
| -rw-r--r-- | fs/fuse/cuse.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c index 00015d851382..e51b7019e887 100644 --- a/fs/fuse/cuse.c +++ b/fs/fuse/cuse.c @@ -624,6 +624,8 @@ static int __init cuse_init(void) cuse_channel_fops.owner = THIS_MODULE; cuse_channel_fops.open = cuse_channel_open; cuse_channel_fops.release = cuse_channel_release; + /* CUSE is not prepared for FUSE_DEV_IOC_CLONE */ + cuse_channel_fops.unlocked_ioctl = NULL; cuse_class = class_create(THIS_MODULE, "cuse"); if (IS_ERR(cuse_class)) |