Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754697AbdDORIs (ORCPT ); Sat, 15 Apr 2017 13:08:48 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:35996 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754109AbdDORIq (ORCPT ); Sat, 15 Apr 2017 13:08:46 -0400 Date: Sat, 15 Apr 2017 18:08:42 +0100 From: Al Viro To: Linus Torvalds Cc: Vegard Nossum , LKML , linux-fsdevel Subject: Re: [git pull] vfs fixes Message-ID: <20170415170841.GR29622@ZenIV.linux.org.uk> References: <20170409053956.GB29622@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.7.1 (2016-10-04) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 639 Lines: 13 On Sat, Apr 15, 2017 at 09:51:40AM -0700, Linus Torvalds wrote: > On Fri, Apr 14, 2017 at 11:41 PM, Vegard Nossum wrote: > > > > I'm seeing the same memfd_create/name_to_handle_at/path_lookupat > > use-after-free that Dmitry was seeing here: > > Ok, see if that is gone in current git with commit c0eb027e5aef ("vfs: > don't do RCU lookup of empty pathnames") FWIW, I'm finishing testing of fixes for crap found during the discussion of that stuff last week (making sure that mntns_install() can't be abused into setting ->fs->root/->fs->pwd to dentry of NFS referral and its ilk and doing that in a sane way).