From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755496AbaAIXLH (ORCPT ); Thu, 9 Jan 2014 18:11:07 -0500 Received: from e35.co.us.ibm.com ([32.97.110.153]:36975 "EHLO e35.co.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752382AbaAIXLE (ORCPT ); Thu, 9 Jan 2014 18:11:04 -0500 Date: Thu, 9 Jan 2014 15:10:53 -0800 From: "Paul E. McKenney" To: Linus Torvalds Cc: Al Viro , Dave Chinner , linux-fsdevel@vger.kernel.org, James Morris , Andrew Morton , Stephen Smalley , "Theodore Ts'o" , Steven Rostedt , Eric Paris , stable , Paul Moore , LKML , Matthew Wilcox , Christoph Hellwig Subject: Re: [PATCH] vfs: Fix possible NULL pointer dereference in inode_permission() Message-ID: <20140109231053.GP10038@linux.vnet.ibm.com> Reply-To: paulmck@linux.vnet.ibm.com References: <20140109162731.12500986@gandalf.local.home> <20140109214239.GD29910@parisc-linux.org> <20140109165012.391db81e@gandalf.local.home> <20140109223127.GM10323@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-TM-AS-MML: disable X-Content-Scanned: Fidelis XPS MAILER x-cbid: 14010923-6688-0000-0000-0000055F6C00 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 10, 2014 at 06:41:03AM +0800, Linus Torvalds wrote: > I think the sane short term fix is to make the kfree() of the i_security > member be a rcu free, and not clear the member. Interesting use case. ;-) Thanx, Paul > Not pretty, but should did this case.. > > Linus > > On Jan 10, 2014 6:31 AM, "Al Viro" wrote: > > > > iput() definitely can sleep (that's when actual truncation and inode > > freeing is done for opened-and-unlinked files - on the final iput() after > > close()), but that' irrelevant here - fsnotify_delete_inode() grabs > > a bunch of mutexes, which makes calling it from rcu callback no-go.