fsnotify: Fix NULL ptr deref in fanotify_get_fsid()
author Jan Kara <jack@suse.cz>
Wed, 24 Apr 2019 16:39:57 +0000 (18:39 +0200)
committer Jan Kara <jack@suse.cz>
Sun, 28 Apr 2019 20:14:50 +0000 (22:14 +0200)
commit b1da6a51871c6929dced1a7fad81990988b36ed6
tree 2c487de5f9e6369a9ee459e93d10dd37f094e945
parent ba25b50d582ff6c6021eee80824134aeb9ab8785
fsnotify: Fix NULL ptr deref in fanotify_get_fsid()

fanotify_get_fsid() is reading mark->connector->fsid under srcu. It can
happen that it sees a mark that is not fully initialized or a mark that is
already detached from the object list. In these cases mark->connector
can be NULL, leading to a NULL ptr dereference. Fix the problem by
being careful when reading mark->connector and checking it for being NULL.
Also use WRITE_ONCE when writing the mark just to prevent the compiler from
doing something stupid.

Reported-by: syzbot+15927486a4f1bfcbaf91@syzkaller.appspotmail.com
Fixes: 77115225acc6 ("fanotify: cache fsid in fsnotify_mark_connector")
Signed-off-by: Jan Kara <jack@suse.cz>
fs/notify/fanotify/fanotify.c
fs/notify/mark.c
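
The read pattern the commit message describes, as an added user-space model that is not the kernel patch or any code from this commit: load the pointer once into a local, check it for NULL, and dereference only the local. The `model_*` types, the function names, the return value -1, and the simplified `READ_ONCE`/`WRITE_ONCE` macros are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space stand-ins for the kernel macros (assumption). */
#define READ_ONCE(x)     (*(volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

/* Hypothetical model types; not the kernel's struct definitions. */
struct model_fsid { int val[2]; };
struct model_connector { struct model_fsid fsid; };
struct model_mark { struct model_connector *connector; };

/* Load the pointer once, test it, and use only the local copy. A plain
 * mark->connector->fsid would fault when a writer has left it NULL.
 * In the kernel, SRCU (not modelled) keeps the connector memory valid. */
int get_fsid_checked(struct model_mark *mark, struct model_fsid *out)
{
    struct model_connector *conn = READ_ONCE(mark->connector);

    if (!conn)
        return -1; /* not attached yet, or already detached */
    *out = conn->fsid;
    return 0;
}

/* Writer side: single stores the compiler may not tear or repeat. */
void attach_mark(struct model_mark *mark, struct model_connector *conn)
{
    WRITE_ONCE(mark->connector, conn);
}

void detach_mark(struct model_mark *mark)
{
    WRITE_ONCE(mark->connector, NULL);
}

int main(void)
{
    struct model_connector conn = { { { 7, 9 } } }; /* constructed sample */
    struct model_mark mark = { NULL };
    struct model_fsid out = { { 0, 0 } };

    printf("before attach: %d\n", get_fsid_checked(&mark, &out));
    attach_mark(&mark, &conn);
    printf("attached: %d\n", get_fsid_checked(&mark, &out));
    detach_mark(&mark);
    printf("after detach: %d\n", get_fsid_checked(&mark, &out));
    return 0;
}
```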