gadgetfs: use-after-free in ->aio_read()
[ Upstream commit
f01d35a15fa04162a58b95970fc01fa70ec9dacd ]
AIO_PREAD requests call ->aio_read() with iovec on caller's stack, so if
we are going to access it asynchronously, we'd better get ourselves
a copy - the one on kernel stack of aio_run_iocb() won't be there
anymore. function/f_fs.c take care of doing that, legacy/inode.c
doesn't...
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
projects / profile / wearable / platform / kernel / linux-3.18-exynos7270.git / commit