On 2024/10/9 21:36, Zach Wade wrote:
On 2024/10/9 1:23, Kees Cook wrote:
On Wed, Oct 09, 2024 at 01:10:14AM +0800, Zach Wade wrote:
When unloading pstore_blk, we will unlink the pstore file and
set pos->dentry to NULL, but simple_unlink(d_inode(root), pos->dentry)
may free the inode of pos->dentry and free pos via free_pstore_private;
this may trigger a UAF. KASAN report:
kernel:
On Sun, Sep 29, 2024 at 08:43:37PM +0800, Li XingYang wrote:
I have another idea to fix this issue, which is to no longer use
pstore_put_backend_records to release the dentry, but instead to increase the reference
count of the pstore backend driver when mounting pstore, using try_module_get, to
avoid unin
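The ordering problem the commit message describes (the unlink may release the record, and the following pos->dentry = NULL then writes to freed memory) as a constructed userspace model. This is an added example written for this page, not fs/pstore/inode.c and not code posted by anyone in the thread: model_record, model_inode, unlink_drop_ref(), make_records() and unload_backend_buggy()/unload_backend_fixed() are hypothetical stand-ins for pstore_private, the record's inode, d_invalidate()+simple_unlink() and pstore_put_backend_records(). Released records go to a quarantine list instead of free() so the stale write can be counted the way KASAN would flag it, without the example itself doing an undefined write.

```c
/* Constructed model of the pstore unlink ordering bug; not kernel code. */
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>

struct model_record;

/* Stand-in for the record's inode: dropping the last reference evicts it,
 * and (as in pstore's evict path) the private record is freed with it. */
struct model_inode {
	int refcount;
	struct model_record *private;	/* i_private back-pointer */
};

/* Stand-in for pstore_private. */
struct model_record {
	struct model_inode *dentry;	/* models pos->dentry */
	int freed;			/* set on release instead of free() */
	struct model_record *qnext;	/* quarantine list link */
};

static struct model_record *quarantine;	/* released records, not yet free()d */

static void free_record(struct model_record *r)
{
	r->freed = 1;
	r->qnext = quarantine;
	quarantine = r;
}

void drain_quarantine(void)
{
	while (quarantine) {
		struct model_record *r = quarantine;
		quarantine = r->qnext;
		free(r);
	}
}

/* Model of d_invalidate()/simple_unlink(): drop the dentry's inode reference.
 * With no other holder (no open file), the inode is evicted and the record
 * released right here, before the caller regains control. */
void unlink_drop_ref(struct model_inode *ino)
{
	if (--ino->refcount == 0) {
		if (ino->private)
			free_record(ino->private);
		free(ino);
	}
}

/* The "pos->dentry = val" store, instrumented: 1 if it hit a released
 * record (a use-after-free write), 0 otherwise. */
static int store_dentry(struct model_record *pos, struct model_inode *val)
{
	if (pos->freed)
		return 1;
	pos->dentry = val;
	return 0;
}

/* Constructed input: n records whose inodes are held by the dentry plus
 * extra_holders other references (e.g. an open file descriptor). */
void make_records(struct model_record **recs, int n, int extra_holders)
{
	for (int i = 0; i < n; i++) {
		struct model_record *r = calloc(1, sizeof *r);
		struct model_inode *ino = calloc(1, sizeof *ino);

		assert(r && ino);
		ino->refcount = 1 + extra_holders;
		ino->private = r;
		r->dentry = ino;
		recs[i] = r;
	}
}

/* Order from the reported code: unlink first, then clear pos->dentry.
 * Returns how many of those clears landed on an already released record. */
int unload_backend_buggy(struct model_record **recs, int n)
{
	int stale = 0;

	for (int i = 0; i < n; i++) {
		struct model_record *pos = recs[i];

		unlink_drop_ref(pos->dentry);		/* may release pos */
		stale += store_dentry(pos, NULL);	/* pos->dentry = NULL */
	}
	return stale;
}

/* Safe order: take the dentry out of the record while it is still live,
 * then unlink and never touch pos again. */
int unload_backend_fixed(struct model_record **recs, int n)
{
	int stale = 0;

	for (int i = 0; i < n; i++) {
		struct model_record *pos = recs[i];
		struct model_inode *ino = pos->dentry;

		stale += store_dentry(pos, NULL);	/* pos is live here */
		unlink_drop_ref(ino);			/* may release pos; unused after */
	}
	return stale;
}

int main(void)
{
	struct model_record *recs[3];

	make_records(recs, 3, 0);
	printf("buggy order: %d stale writes\n", unload_backend_buggy(recs, 3));
	drain_quarantine();
	make_records(recs, 3, 0);
	printf("fixed order: %d stale writes\n", unload_backend_fixed(recs, 3));
	drain_quarantine();
	return 0;
}
```

The extra_holders argument is what makes the bug a "may": with another reference on the inode (an open file), the unlink does not evict it, the record survives, and the late write is harmless, which is why the report only shows up on the unload-with-nothing-open path. Clearing the back-pointer before the releasing call only removes the stale write; the record is still freed by the eviction, so the fix must not read pos afterwards either.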