• Pan Bian's avatar
    exportfs: do not read dentry after free · d2139ee7
    Pan Bian authored
    [ Upstream commit 2084ac6c505a58f7efdec13eba633c6aaa085ca5 ]
    
    The function dentry_connected calls dput(dentry) to drop the previously
    acquired reference to dentry. In this case, dentry can be released.
    After that, IS_ROOT(dentry) checks the condition
    (dentry == dentry->d_parent), which may result in a use-after-free bug.
    This patch directly compares dentry with its parent obtained before
    dropping the reference.
    
    Fixes: a056cc89("exportfs: stop retrying once we race with
    rename/remove")
    Signed-off-by: default avatarPan Bian <bianpan2016@163.com>
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    d2139ee7
Name
Last commit
Last update
Documentation Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.cocciconfig Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...
REPORTING-BUGS Loading commit data...