[PATCH] securityfs: Add missing d_delete() call on removal
Kees Cook
keescook at chromium.org
Wed May 6 22:49:52 UTC 2020
On Wed, May 06, 2020 at 07:49:20PM +0100, Al Viro wrote:
> On Wed, May 06, 2020 at 08:34:29AM -0700, Kees Cook wrote:
>
> > Just posted the whole series:
> > https://lore.kernel.org/lkml/20200506152114.50375-1-keescook@chromium.org/
> >
> > But the specific question was driven by this patch:
> > https://lore.kernel.org/lkml/20200506152114.50375-11-keescook@chromium.org/
>
> Yecchh... First of all, you are leaving a dangling pointer in your
> struct pstore_private ->dentry. What's more, in your case d_delete()
Yeah, good idea: I can wipe out the pstore_private->dentry at this point
just for robustness. From what I could tell the evict got immediately
called after the dput().
> is definitely wrong - either there are other references to dentry
> (in which case d_delete() is the same as d_drop()), or dput() right
> after it will drive ->d_count to zero and since you end up using
> simple_dentry_operations, dentry will be freed immediately after
> that.
Do you mean the d_drop() isn't needed? What happens if someone has
the file open during this routine? The goal here is to make these files
disappear so they'll go through evict.
> I have not looked at the locking in that series yet, so no comments
Yeah, I would not be surprised by some more locking issues, but I think
it's an improvement over what was there. Most of the code seems to have
been designed to be non-modular. :P
> on the races, but in any case - that d_delete() is a misspelled d_drop().
I'll change it; thanks!
--
Kees Cook
More information about the Linux-security-module-archive
mailing list