projects / wrapfs-4.13.y.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e22c11d) | patch
debugfs: fix use-after-free on symlink traversal
authorAl Viro <viro@zeniv.linux.org.uk>
Tue, 26 Mar 2019 01:43:37 +0000 (01:43 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 8 May 2019 05:21:48 +0000 (07:21 +0200)
commitf0112b649525fda883ae77db7d0774cb4da47cb8
tree59606e8e384a93b0e2ddcc5cafca98981153d507tree | snapshot
parente22c11da0a8683d22011bbce18da493c079d67b3commit | diff
debugfs: fix use-after-free on symlink traversal

[ Upstream commit 93b919da64c15b90953f96a536e5e61df896ca57 ]

symlink body shouldn't be freed without an RCU delay.  Switch debugfs to
->destroy_inode() and use of call_rcu(); free both the inode and symlink
body in the callback.  Similar to solution for bpf, only here it's even
more obvious that ->evict_inode() can be dropped.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/debugfs/inode.c diff | blob | history
wrapfs-4.13.y