Re: KASAN: use-after-free in nilfs_mdt_destroy

From: Al Viro
Date: Mon Aug 15 2022 - 14:02:35 EST

Next message: Peter Zijlstra: "Re: [PATCHv6 04/11] x86/mm: Handle LAM on context switch"
Previous message: syzbot: "[syzbot] usb-testing boot error: general protection fault in __tty_alloc_driver"
In reply to: Jiacheng Xu: "KASAN: use-after-free in nilfs_mdt_destroy"
Next in thread: Al Viro: "Re: KASAN: use-after-free in nilfs_mdt_destroy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 15, 2022 at 10:03:21PM +0800, Jiacheng Xu wrote:

> Patch:
> Fix this bug by moving the assignment of inode->i_private before
> security_inode_alloc.
> An ad-hoc patch is proposed:
> https://patchwork.kernel.org/project/linux-fsdevel/patch/20211011030956.2459172-1-mudongliangabcd@xxxxxxxxx/

... and that looks like utter bollocks. Why does security_inode_alloc()
look at ->i_private? Which LSM is involved?

Next message: Peter Zijlstra: "Re: [PATCHv6 04/11] x86/mm: Handle LAM on context switch"
Previous message: syzbot: "[syzbot] usb-testing boot error: general protection fault in __tty_alloc_driver"
In reply to: Jiacheng Xu: "KASAN: use-after-free in nilfs_mdt_destroy"
Next in thread: Al Viro: "Re: KASAN: use-after-free in nilfs_mdt_destroy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]