Re: [PATCH] SELinux: Fix possible NULL pointer dereference inselinux_inode_permission()

[Al Viro]

On Thu, Jan 09, 2014 at 10:51:14AM -0500, Steven Rostedt wrote:

> diff --git a/fs/inode.c b/fs/inode.c
> index 4bcdad3..a8f3b88 100644
> --- a/fs/inode.c
> +++ b/fs/inode.c
> @@ -252,16 +252,17 @@ EXPORT_SYMBOL(__destroy_inode);
>  static void i_callback(struct rcu_head *head)
>  {
>  	struct inode *inode = container_of(head, struct inode, i_rcu);
> +	__destroy_inode(inode);
>  	kmem_cache_free(inode_cachep, inode);
>  }
>  
>  static void destroy_inode(struct inode *inode)
>  {
>  	BUG_ON(!list_empty(&inode->i_lru));
> -	__destroy_inode(inode);
> -	if (inode->i_sb->s_op->destroy_inode)
> +	if (inode->i_sb->s_op->destroy_inode) {
> +		__destroy_inode(inode);
>  		inode->i_sb->s_op->destroy_inode(inode);
> -	else
> +	} else
>  		call_rcu(&inode->i_rcu, i_callback);
>  }
>  
No go - idiotify and friends grab mutexes from fsnotify_inode_delete().
Can't do that from rcu callbacks.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/