KASAN: use-after-free Read in path_lookupat

Linus Torvalds torvalds at linux-foundation.org
Wed Apr 10 19:44:41 UTC 2019

On Wed, Apr 10, 2019 at 8:11 AM Al Viro <viro at zeniv.linux.org.uk> wrote:
> Both are in vfs.git#fixes.  Which way should that go - directly or
> via linux-security.git?

Just do it directly. I doubt you can trigger them for securityfs and
apparmourfs, since normal users have no way to remove any files from
them, so the race with final unlink sounds fairly irrelevant in
practice, no?


More information about the Linux-security-module-archive mailing list