Searched hist:"535 e9bd0e8f8d8cfdc29de7cdb902b5041427fe6" (Results 1 – 3 of 3) sorted by relevance
| /openbmc/linux/fs/fuse/ |
| H A D | cuse.c | diff 535e9bd0e8f8d8cfdc29de7cdb902b5041427fe6 Wed Sep 27 23:19:39 CDT 2023 Al Viro <viro@zeniv.linux.org.uk> fuse: fix UAF in rcu pathwalks
[ Upstream commit 053fc4f755ad43cf35210677bcba798ccdc48d0c ]
->permission(), ->get_link() and ->inode_get_acl() might dereference
->s_fs_info (and, in case of ->permission(), ->s_fs_info->fc->user_ns
as well) when called from rcu pathwalk.
Freeing ->s_fs_info->fc is rcu-delayed; we need to make freeing ->s_fs_info
and dropping ->user_ns rcu-delayed too.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| H A D | fuse_i.h | diff 535e9bd0e8f8d8cfdc29de7cdb902b5041427fe6 Wed Sep 27 23:19:39 CDT 2023 Al Viro <viro@zeniv.linux.org.uk> fuse: fix UAF in rcu pathwalks
[ Upstream commit 053fc4f755ad43cf35210677bcba798ccdc48d0c ]
->permission(), ->get_link() and ->inode_get_acl() might dereference
->s_fs_info (and, in case of ->permission(), ->s_fs_info->fc->user_ns
as well) when called from rcu pathwalk.
Freeing ->s_fs_info->fc is rcu-delayed; we need to make freeing ->s_fs_info
and dropping ->user_ns rcu-delayed too.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| H A D | inode.c | diff 535e9bd0e8f8d8cfdc29de7cdb902b5041427fe6 Wed Sep 27 23:19:39 CDT 2023 Al Viro <viro@zeniv.linux.org.uk> fuse: fix UAF in rcu pathwalks
[ Upstream commit 053fc4f755ad43cf35210677bcba798ccdc48d0c ]
->permission(), ->get_link() and ->inode_get_acl() might dereference
->s_fs_info (and, in case of ->permission(), ->s_fs_info->fc->user_ns
as well) when called from rcu pathwalk.
Freeing ->s_fs_info->fc is rcu-delayed; we need to make freeing ->s_fs_info
and dropping ->user_ns rcu-delayed too.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|