projects / linux-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fb893de) | patch
fix breakage in do_rmdir()
authorAl Viro <viro@zeniv.linux.org.uk>
Wed, 12 Aug 2020 04:15:18 +0000 (05:15 +0100)
committerLinus Torvalds <torvalds@linux-foundation.org>
Wed, 12 Aug 2020 17:22:39 +0000 (10:22 -0700)
commit24fb33d40d60bd7d196400e7d5b26ff566fd98b7
tree91905714cf8ebad56a8d3a5e889d60d774e5e92etree | snapshot
parentfb893de323e2d39f7a1f6df425703a2edbdf56eacommit | diff
fix breakage in do_rmdir()

syzbot reported and bisected a use-after-free due to the recent init
cleanups.

The putname() should happen only after we'd *not* branched to retry,
same as it's done in do_unlinkat().

Reported-by: syzbot+bbeb1c88016c7db4aa24@syzkaller.appspotmail.com
Fixes: e24ab0ef689d "fs: push the getname from do_rmdir into the callers"
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/namei.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)