Re: [PATCH] fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh()

Next message: Mark Brown: "linux-next: Tree for Jun 3"
Previous message: Anna Schumaker: "Re: [PATCH v1 6/7] nfs: Optimize direct I/O to use folios for requests"
In reply to: Jann Horn: "Re: [PATCH] fhandle: fix UAF due to unlocked -&gt;mnt_ns read in may_decode_fh()"
Next in thread: Christian Brauner: "Re: [PATCH] fhandle: fix UAF due to unlocked -&gt;mnt_ns read in may_decode_fh()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jann Horn

Date: Wed Jun 03 2026 - 15:15:21 EST

On Wed, Jun 3, 2026 at 9:08 PM Jann Horn <jannh@xxxxxxxxxx> wrote:
> (And there's also that weird detail of how, for anonymous namespaces,
> the active refcount isn't used and AFAICS never actually drops to
> zero...)

(Er, nevermind, I missed that anonymous namespaces just have their
active refcount set to 0 from the start already.)