Re: [RFC] potential UAF in kvm_spapr_tce_attach_iommu_group() (was Re: [PATCH 11/19] switch simple users of fdget() to CLASS(fd, ...))

On Sun, 9 Jun 2024 at 19:45, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>
> Unless I'm misreading that code (entirely possible), this fdput() shouldn't
> be done until we are done with stt.

Ack. That looks right to me.

If I follow it right, the lifetime of stt is tied to the lifetime of
the file (plus RCU), so doing fdput early and then dropping the RCU
lock means that stt may not be valid any more later.

Making it use the auto-release of a fd class sounds like a good fix,
but I don't know this code.

           Linus
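
Added example, not part of the original message and not kernel code: a userspace C model of the lifetime ordering discussed above, contrasting an early put with a scope-exit put built on the GCC/Clang `cleanup` attribute. All names (`stt_model`, `file_model`, `concurrent_close`, and so on) are hypothetical; the RCU grace period is left out, and "freeing" is modeled as clearing a `live` flag so the stale read stays well-defined.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model: every name below is hypothetical, not kernel code. */
struct stt_model { bool live; };
struct file_model { int refs; struct stt_model *stt; };

static struct file_model *file_get(struct file_model *f) { f->refs++; return f; }

static void file_put(struct file_model *f)
{
    if (--f->refs == 0)
        f->stt->live = false;  /* stands in for freeing stt with the file */
}

/* Scope-exit release via the GCC/Clang cleanup attribute. */
static void file_put_cleanup(struct file_model **fp) { if (*fp) file_put(*fp); }

/* Stands in for another thread closing the fd: drops the fd table's ref. */
static void concurrent_close(struct file_model *f) { file_put(f); }

/* Early put: returns whether stt was still live at the point of use. */
static bool attach_early_put(struct file_model *entry)
{
    struct file_model *f = file_get(entry);
    struct stt_model *stt = f->stt;

    file_put(f);              /* our reference is gone before we finish */
    concurrent_close(entry);  /* last reference dropped, stt released */
    return stt->live;         /* real code would touch freed memory here */
}

/* Scoped put: the reference is held until the function is done with stt. */
static bool attach_scoped_put(struct file_model *entry)
{
    struct file_model *f __attribute__((cleanup(file_put_cleanup))) = file_get(entry);
    struct stt_model *stt = f->stt;

    concurrent_close(entry);  /* our reference still pins the file */
    return stt->live;         /* evaluated before the cleanup runs */
}

int main(void)
{
    struct stt_model s1 = { true }, s2 = { true };
    struct file_model f1 = { 1, &s1 }, f2 = { 1, &s2 };

    printf("early put:  stt live at use = %d\n", attach_early_put(&f1));
    printf("scoped put: stt live at use = %d\n", attach_scoped_put(&f2));
    return 0;
}
```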



