Re: [PATCH v2] bpf: fix UAF by restoring RCU-delayed inode freeing in bpffs

Next message: Eric Biggers: "Re: [PATCH v7 10/43] btrfs: start using fscrypt hooks"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH] net: qrtr: fix node refcount leak on ctrl packet alloc failure"
In reply to: Alexei Starovoitov: "Re: [PATCH v2] bpf: fix UAF by restoring RCU-delayed inode freeing in bpffs"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH v2] bpf: fix UAF by restoring RCU-delayed inode freeing in bpffs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Al Viro

Date: Mon Jun 01 2026 - 23:13:23 EST

On Mon, Jun 01, 2026 at 07:54:35PM -0700, Alexei Starovoitov wrote:

> > Fixes: 4f375ade6aa9 ("bpf: Avoid RCU context warning when unpinning htab with internal structs")
> > Reported-by: syzbot+36e50496c8ac4bcde3f9@xxxxxxxxxxxxxxxxxxxxxxxxx
> > Closes: https://syzkaller.appspot.com/bug?extid=36e50496c8ac4bcde3f9
> > Suggested-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> > Link: https://lore.kernel.org/all/20260423043906.GN3518998@ZenIV/
> > Link: https://lore.kernel.org/all/20260602002607.110866-1-kartikey406@xxxxxxxxx/T/ [v1]
> > Signed-off-by: Deepanshu Kartikey <kartikey406@xxxxxxxxx>
> > ---
> > Changes in v2:
> > - NAK on v1 fix in fs/namei.c (pick_link) by Al Viro
> > - v1 was papering over the symptom not fixing root cause
> > - real fix is in kernel/bpf/inode.c as suggested by Al Viro

> Al,
> please ack.

Acked-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

My apologies - should've followed up on that myself after your
reply in the original thread, but that has fallen through the
cracks ;-/