mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-04-04 21:42:31 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
cb8d2bdcb8241b66ca4ac4868f20e12cd6881ebc
linux/fs/fuse
History
Miklos Szeredi cb8d2bdcb8 fuse: fix race when disposing stale dentries 
In fuse_dentry_tree_work() just before d_dispose_if_unused() the dentry
could get evicted, resulting in UAF.

Move unlocking dentry_hash[i].lock to after the dispose.  To do this,
fuse_dentry_tree_del_node() needs to be moved from fuse_dentry_prune() to
fuse_dentry_release() to prevent an ABBA deadlock.

The lock ordering becomes:

 -> dentry_bucket.lock
    -> dentry.d_lock

Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Closes: https://lore.kernel.org/all/20251206014242.GO1712166@ZenIV/
Fixes: ab84ad5973 ("fuse: new work queue to periodically invalidate expired dentries")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Link: https://patch.msgid.link/20260114145344.468856-2-mszeredi@redhat.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
2026-01-16 19:15:14 +01:00
..
acl.c
fuse: support idmapped ->set_acl
2024-09-04 16:51:11 +02:00
backing.c
fuse: move the backing file idr and code into a new source file
2025-09-25 16:06:02 +02:00
control.c
convert fuse_ctl
2025-11-16 01:35:03 -05:00
cuse.c
fuse: allow synchronous FUSE_INIT
2025-09-02 11:14:15 +02:00
dax.c
mm: remove callers of pfn_t functionality
2025-07-09 22:42:19 -07:00
dev_uring_i.h
fuse: add kernel-enforced timeout option for requests
2025-03-31 14:59:25 +02:00
dev_uring.c
Merge tag 'fuse-update-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
2025-12-05 15:25:13 -08:00
dev.c
fuse: new work queue to invalidate dentries from old epochs
2025-11-12 11:45:03 +01:00
dir.c
fuse: fix race when disposing stale dentries
2026-01-16 19:15:14 +01:00
file.c
Merge tag 'fuse-update-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
2025-12-05 15:25:13 -08:00
fuse_dev_i.h
fuse: missing copy_finish in fuse-over-io-uring argument copies
2025-11-12 11:45:03 +01:00
fuse_i.h
Merge tag 'fuse-update-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
2025-12-05 15:25:13 -08:00
fuse_trace.h
fuse: add simple request tracepoints
2024-08-29 11:43:13 +02:00
inode.c
Merge tag 'fuse-update-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
2025-12-05 15:25:13 -08:00
ioctl.c
Revert "fs: make vfs_fileattr_[get|set] return -EOPNOTSUPP"
2025-10-10 13:44:03 +02:00
iomode.c
fuse: remove unused 'inode' parameter in fuse_passthrough_open
2025-08-27 14:29:44 +02:00
Kconfig
fuse: fix references to fuse.rst -> fuse/fuse.rst
2025-09-02 11:14:15 +02:00
Makefile
fuse: move CREATE_TRACE_POINTS to a separate file
2025-09-25 16:22:18 +02:00
passthrough.c
fuse: move the backing file idr and code into a new source file
2025-09-25 16:06:02 +02:00
readdir.c
fuse: increase readdir buffer size
2025-05-29 12:31:24 +02:00
sysctl.c
fuse: add default_request_timeout and max_request_timeout sysctls
2025-03-31 14:59:27 +02:00
trace.c
fuse: move CREATE_TRACE_POINTS to a separate file
2025-09-25 16:22:18 +02:00
virtio_fs.c
virtio-fs: fix incorrect check for fsvq->kobj
2025-11-05 14:00:16 +01:00
xattr.c
fuse: make args->in_args[0] to be always the header
2025-01-24 11:54:02 +01:00