* Re: KASAN: use-after-free Read in path_lookupat
[not found] ` <20190326014552.GY2217@ZenIV.linux.org.uk>
@ 2019-04-10 18:11 ` Al Viro
2019-04-10 19:44 ` Linus Torvalds
0 siblings, 1 reply; 2+ messages in thread
From: Al Viro @ 2019-04-10 18:11 UTC (permalink / raw)
To: Linus Torvalds
Cc: syzbot, Alexei Starovoitov, Daniel Borkmann, linux-fsdevel,
Linux List Kernel Mailing, syzkaller-bugs, James Morris,
linux-security-module
On Tue, Mar 26, 2019 at 01:45:52AM +0000, Al Viro wrote:
> On Mon, Mar 25, 2019 at 11:37:32PM +0000, Al Viro wrote:
>
> > For debugfs it's clearly "use default ->evict_inode(), have explicit
> > ->destroy_inode() using free_inode_nonrcu()" - there we have nothing
> > else done in ->evict_inode() and kfree is obviously safe in softirq.
> > I'll post that (or push to vfs.git#fixes), along with minimal fixes
> > for other 3. If bpf_any_put() is softirq-safe, we'll have the full
> > set for -stable and the rest could be done on top of that.
> >
> > Won't solve the documetation problem, unfortunately ;-/
>
> Posted; all of those (as well as Daniel's bpf patch) are Cc:stable
> fodder. Documentation is still, er, deficient...
... and unfortunately there are two more, exactly like debugfs -
securityfs and apparmorfs, found while sorting out the series
for separate rcu-delayed counterpart of ->destroy_inode().
Both are in vfs.git#fixes. Which way should that go - directly or
via linux-security.git? Both are stable fodder, in theory, but
much harder to hit than their ubifs/debugfs/bpf counterparts...
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: KASAN: use-after-free Read in path_lookupat
2019-04-10 18:11 ` KASAN: use-after-free Read in path_lookupat Al Viro
@ 2019-04-10 19:44 ` Linus Torvalds
0 siblings, 0 replies; 2+ messages in thread
From: Linus Torvalds @ 2019-04-10 19:44 UTC (permalink / raw)
To: Al Viro
Cc: syzbot, Alexei Starovoitov, Daniel Borkmann, linux-fsdevel,
Linux List Kernel Mailing, syzkaller-bugs, James Morris,
linux-security-module
On Wed, Apr 10, 2019 at 8:11 AM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> Both are in vfs.git#fixes. Which way should that go - directly or
> via linux-security.git?
Just do it directly. I doubt you can trigger them for securityfs and
apparmourfs, since normal users have no way to remove any files from
them, so the race with final unlink sounds fairly irrelevant in
practice, no?
Linus
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-04-10 19:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <0000000000006946d2057bbd0eef@google.com>
[not found] ` <CAHk-=wiijJMTw=nTj_ED+YWMCrvHzh3ezfVYRxvzcW6+trgyPA@mail.gmail.com>
[not found] ` <20190325045744.GK2217@ZenIV.linux.org.uk>
[not found] ` <CAHk-=wg4iJsMHBzK52WzP+5_92HbwvX_vh_s4mMUuN0FJGdM5A@mail.gmail.com>
[not found] ` <CAHk-=whJ4M5FegOLvnjUtJ0+pHv4L8UNFt+9jJDhox3Ada8kwA@mail.gmail.com>
[not found] ` <20190325211405.GP2217@ZenIV.linux.org.uk>
[not found] ` <CAHk-=wj+-e=X9cvvNwc5+QuvBOyYT7OtZTBzy-Wg8zGrUwxSbw@mail.gmail.com>
[not found] ` <20190325233731.GS2217@ZenIV.linux.org.uk>
[not found] ` <20190326014552.GY2217@ZenIV.linux.org.uk>
2019-04-10 18:11 ` KASAN: use-after-free Read in path_lookupat Al Viro
2019-04-10 19:44 ` Linus Torvalds
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).