Drawing from the comments on the last two patches from me and Dmitry, the concensus is that __filename_parentat() is inherently buggy, and should be removed. But there's some nice consistency to the way that the other functions (filename_create, filename_lookup) are named which would get broken. I looked at the callers of filename_create and filename_lookup. All are small functions which are trivial to modify to include a putname(). It seems to me that adding a few more lines to these functions is a good traedoff for better clarity on lifetimes (as it's uncommon for functions to drop references to their parameters) and better consistency. This small series combines the UAF fix from me, and the removal of __filename_parentat() from Dmitry as patch 1. Then I standardize filename_create() and filename_lookup() and their callers. v2: Fix double getname in user_path_create() Stephen Brennan (3): namei: Fix use after free in kern_path_locked namei: Standardize callers of filename_lookup() namei: Standardize callers of filename_create() fs/fs_parser.c | 1 - fs/namei.c | 126 ++++++++++++++++++++++++++----------------------- 2 files changed, 66 insertions(+), 61 deletions(-) -- 2.30.2
