Re: [PATCH] fs/namei: fix UAF in pick_link() by unlazying before atime check

Next message: Jinjie Ruan: "Re: [PATCH v15 00/23] arm64/riscv: Add support for crashkernel CMA reservation"
Previous message: syzbot: "Forwarded: [PATCH] bpf: fix UAF by restoring RCU-delayed inode freeing in bpffs"
In reply to: Al Viro: "Re: [PATCH] fs/namei: fix UAF in pick_link() by unlazying before atime check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Deepanshu Kartikey

Date: Mon Jun 01 2026 - 21:41:48 EST

On Tue, Jun 2, 2026 at 6:13 AM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>
> NAK. This is *not* fixing the real problem; it's papering over the
> real breakage. At a guess - in bpffs, if that's the same thing as
> in https://lore.kernel.org/all/20260423043906.GN3518998@ZenIV/
>
> Prompt freeing of inode is allowed *ONLY* if inode is never exposed
> to lazy pathwalk. It's OK for pipes, but this is not a pipe.

Thanks for the suggestion. I will send patch v2 with the required changes.

Thanks
Deepanshu