Re: [PATCH] ima: Fix use-after-free on a dentry's dname.name

From: Mimi Zohar
Date: Thu Mar 28 2024 - 21:03:07 EST

Next message: Stephen Boyd: "Add clk-fixes branch to pending-fixes"
Previous message: Reinette Chatre: "Re: [PATCH] Documentation/x86: Document resctrl bandwidth control units are MiB"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2024-03-22 at 10:03 -0400, Stefan Berger wrote:
> ->d_name.name can change on rename and the earlier value can be freed;
> there are conditions sufficient to stabilize it (->d_lock on dentry,
> ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
> rename_lock), but none of those are met at any of the sites. Take a stable
> snapshot of the name instead.
>
> Link: https://lore.kernel.org/all/20240202182732.GE2087318@ZenIV/
> Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>

Thanks, Al, Stefan.

Mimi

Next message: Stephen Boyd: "Add clk-fixes branch to pending-fixes"
Previous message: Reinette Chatre: "Re: [PATCH] Documentation/x86: Document resctrl bandwidth control units are MiB"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]