    fuse: fix UAF in rcu pathwalks · 053fc4f7
    Al Viro authored
    ->permission(), ->get_link() and ->inode_get_acl() might dereference
    ->s_fs_info (and, in case of ->permission(), ->s_fs_info->fc->user_ns
    as well) when called from rcu pathwalk.
    
    Freeing ->s_fs_info->fc is rcu-delayed; we need to make freeing ->s_fs_info
    and dropping ->user_ns rcu-delayed too.
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fuse_i.h 33.5 KB