Re: [PATCH] vfs: Fix possible NULL pointer dereference ininode_permission()

From: Paul E. McKenney
Date: Thu Jan 09 2014 - 18:11:10 EST

Next message: Sasha Levin: "hfsplus: kernel panic in hfsplus_brec_lenoff"
Previous message: Pavel Machek: "Re: Broken locking in leds-lp5523.c"
In reply to: Al Viro: "Re: [PATCH] vfs: Fix possible NULL pointer dereference ininode_permission()"
Next in thread: Steven Rostedt: "Re: [PATCH] vfs: Fix possible NULL pointer dereference ininode_permission()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 10, 2014 at 06:41:03AM +0800, Linus Torvalds wrote:
> I think the sane short term fix is to make the kfree() of the i_security
> member be a rcu free, and not clear the member.

Interesting use case. ;-)

Thanx, Paul

> Not pretty, but should did this case..
>
> Linus
>
> On Jan 10, 2014 6:31 AM, "Al Viro" <viro@xxxxxxxxxxxxxxxxxx> wrote:
> >
> > iput() definitely can sleep (that's when actual truncation and inode
> > freeing is done for opened-and-unlinked files - on the final iput() after
> > close()), but that' irrelevant here - fsnotify_delete_inode() grabs
> > a bunch of mutexes, which makes calling it from rcu callback no-go.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sasha Levin: "hfsplus: kernel panic in hfsplus_brec_lenoff"
Previous message: Pavel Machek: "Re: Broken locking in leds-lp5523.c"
In reply to: Al Viro: "Re: [PATCH] vfs: Fix possible NULL pointer dereference ininode_permission()"
Next in thread: Steven Rostedt: "Re: [PATCH] vfs: Fix possible NULL pointer dereference ininode_permission()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]