On Tue, Nov 27, 2018 at 11:05 AM Jan Kara wrote:
>
> On Tue 27-11-18 17:57:12, PanBian wrote:
> > I am not quite sure about the actual execution logic. But I guess new_dentry
> > reference may be dropped outside vfs_rename in concurrent executions.
> > Otherwise, there is no need to acquire & drop
On Tue 27-11-18 17:57:12, PanBian wrote:
> On Tue, Nov 27, 2018 at 10:25:51AM +0100, Jan Kara wrote:
> > On Sun 25-11-18 08:15:23, Pan Bian wrote:
> > > After calling dput(new_dentry), new_dentry is passed to fsnotify_move.
> > > This may result in a use-after-free bug. This patch moves the put
> >
On Tue, Nov 27, 2018 at 10:25:51AM +0100, Jan Kara wrote:
> On Sun 25-11-18 08:15:23, Pan Bian wrote:
> > After calling dput(new_dentry), new_dentry is passed to fsnotify_move.
> > This may result in a use-after-free bug. This patch moves the put
> > operation late.
> >
> > Fixes: da1ce0670c14("vf
On Sun 25-11-18 08:15:23, Pan Bian wrote:
> After calling dput(new_dentry), new_dentry is passed to fsnotify_move.
> This may result in a use-after-free bug. This patch moves the put
> operation late.
>
> Fixes: da1ce0670c14("vfs: add cross-rename")
> Signed-off-by: Pan Bian
The code is actually
After calling dput(new_dentry), new_dentry is passed to fsnotify_move.
This may result in a use-after-free bug. This patch moves the put
operation late.
Fixes: da1ce0670c14("vfs: add cross-rename")
Signed-off-by: Pan Bian
---
V2: correct the fixes commit information
---
fs/namei.c | 2 +-
1 file