On Sat, Nov 24, 2018 at 05:23:24PM +0800, Pan Bian wrote:
> After calling dput(new_dentry), new_dentry is passed to fsnotify_move.
> This may result in a use-after-free bug. This patch moves the put
> operation late.
>
> Fixes: 49d31c2f389a("dentry name snapshots")
What does that commit have to do with anything? The broken part is
fsnotify_move(new_dir, old_dir, old_dentry->d_name.name,
new_is_dir, NULL, new_dentry);
and it predates that commit by 3 years - it came from da1ce0670c14 ("vfs: add
cross-rename")...
