| Message ID | 20220602072943.8095-1-ruc_gongyuanjun@163.com (mailing list archive) |
|---|---|
| State | Rejected |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | [1/1] security: avoid a leak in securityfs_remove() | expand |
On Thu, Jun 2, 2022 at 3:31 AM Yuanjun Gong <ruc_gongyuanjun@163.com> wrote: > > Delete the dentry in securityfs_remove() to make sure the > dentry is not used by another thread and live longer than > the call of securityfs_remove(). > > Signed-off-by: Yuanjun Gong <ruc_gongyuanjun@163.com> > --- > security/inode.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/security/inode.c b/security/inode.c > index 6c326939750d..606f390d21d2 100644 > --- a/security/inode.c > +++ b/security/inode.c > @@ -306,6 +306,7 @@ void securityfs_remove(struct dentry *dentry) > simple_rmdir(dir, dentry); > else > simple_unlink(dir, dentry); > + d_delete(dentry); > dput(dentry); Doesn't the dput() call take care of this? Do you have a reproducer where you can show that we are leaking dentries? > } > inode_unlock(dir); > -- > 2.17.1
diff --git a/security/inode.c b/security/inode.c index 6c326939750d..606f390d21d2 100644 --- a/security/inode.c +++ b/security/inode.c @@ -306,6 +306,7 @@ void securityfs_remove(struct dentry *dentry) simple_rmdir(dir, dentry); else simple_unlink(dir, dentry); + d_delete(dentry); dput(dentry); } inode_unlock(dir);
Delete the dentry in securityfs_remove() to make sure the dentry is not used by another thread and live longer than the call of securityfs_remove(). Signed-off-by: Yuanjun Gong <ruc_gongyuanjun@163.com> --- security/inode.c | 1 + 1 file changed, 1 insertion(+)