[PATCH] ima: Fix use-after-free on a dentry's dname.name
Mimi Zohar
zohar at linux.ibm.com
Fri Mar 29 01:02:37 UTC 2024
On Fri, 2024-03-22 at 10:03 -0400, Stefan Berger wrote:
> ->d_name.name can change on rename and the earlier value can be freed;
> there are conditions sufficient to stabilize it (->d_lock on dentry,
> ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
> rename_lock), but none of those are met at any of the sites. Take a stable
> snapshot of the name instead.
>
> Link: https://lore.kernel.org/all/20240202182732.GE2087318@ZenIV/
> Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
> Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
Thanks, Al, Stefan.
Mimi
More information about the Linux-security-module-archive
mailing list