Message ID | 20250110024303.4157645-18-viro@zeniv.linux.org.uk (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | [01/20] make sure that DNAME_INLINE_LEN is a multiple of word size | expand |
On Fri 10-01-25 02:43:01, Al Viro wrote: > theoretically, ->d_name use in there is a UAF, but only if you are messing with > tracepoints... > > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Looks good. Feel free to add: Reviewed-by: Jan Kara <jack@suse.cz> Honza > --- > fs/ocfs2/dcache.c | 11 +++-------- > 1 file changed, 3 insertions(+), 8 deletions(-) > > diff --git a/fs/ocfs2/dcache.c b/fs/ocfs2/dcache.c > index ecb1ce6301c4..1873bbbb7e5b 100644 > --- a/fs/ocfs2/dcache.c > +++ b/fs/ocfs2/dcache.c > @@ -45,8 +45,7 @@ static int ocfs2_dentry_revalidate(struct inode *dir, const struct qstr *name, > inode = d_inode(dentry); > osb = OCFS2_SB(dentry->d_sb); > > - trace_ocfs2_dentry_revalidate(dentry, dentry->d_name.len, > - dentry->d_name.name); > + trace_ocfs2_dentry_revalidate(dentry, name->len, name->name); > > /* For a negative dentry - > * check the generation number of the parent and compare with the > @@ -54,12 +53,8 @@ static int ocfs2_dentry_revalidate(struct inode *dir, const struct qstr *name, > */ > if (inode == NULL) { > unsigned long gen = (unsigned long) dentry->d_fsdata; > - unsigned long pgen; > - spin_lock(&dentry->d_lock); > - pgen = OCFS2_I(d_inode(dentry->d_parent))->ip_dir_lock_gen; > - spin_unlock(&dentry->d_lock); > - trace_ocfs2_dentry_revalidate_negative(dentry->d_name.len, > - dentry->d_name.name, > + unsigned long pgen = OCFS2_I(dir)->ip_dir_lock_gen; > + trace_ocfs2_dentry_revalidate_negative(name->len, name->name, > pgen, gen); > if (gen != pgen) > goto bail; > -- > 2.39.5 >
diff --git a/fs/ocfs2/dcache.c b/fs/ocfs2/dcache.c index ecb1ce6301c4..1873bbbb7e5b 100644 --- a/fs/ocfs2/dcache.c +++ b/fs/ocfs2/dcache.c @@ -45,8 +45,7 @@ static int ocfs2_dentry_revalidate(struct inode *dir, const struct qstr *name, inode = d_inode(dentry); osb = OCFS2_SB(dentry->d_sb); - trace_ocfs2_dentry_revalidate(dentry, dentry->d_name.len, - dentry->d_name.name); + trace_ocfs2_dentry_revalidate(dentry, name->len, name->name); /* For a negative dentry - * check the generation number of the parent and compare with the @@ -54,12 +53,8 @@ static int ocfs2_dentry_revalidate(struct inode *dir, const struct qstr *name, */ if (inode == NULL) { unsigned long gen = (unsigned long) dentry->d_fsdata; - unsigned long pgen; - spin_lock(&dentry->d_lock); - pgen = OCFS2_I(d_inode(dentry->d_parent))->ip_dir_lock_gen; - spin_unlock(&dentry->d_lock); - trace_ocfs2_dentry_revalidate_negative(dentry->d_name.len, - dentry->d_name.name, + unsigned long pgen = OCFS2_I(dir)->ip_dir_lock_gen; + trace_ocfs2_dentry_revalidate_negative(name->len, name->name, pgen, gen); if (gen != pgen) goto bail;
theoretically, ->d_name use in there is a UAF, but only if you are messing with tracepoints... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> --- fs/ocfs2/dcache.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-)