diff options
| author | Amir Goldstein <[email protected]> | 2023-11-20 13:43:34 +0000 |
|---|---|---|
| committer | Amir Goldstein <[email protected]> | 2023-11-20 14:01:45 +0000 |
| commit | 2c3ef4f89ced1a9d3a6fd4f6457be5c440c89362 (patch) | |
| tree | 3317991409c4d11aa8805e67ad5108905722c0be /security/selinux/hooks.c | |
| parent | ovl: remove redundant ofs->indexdir member (diff) | |
| download | kernel-2c3ef4f89ced1a9d3a6fd4f6457be5c440c89362.tar.gz kernel-2c3ef4f89ced1a9d3a6fd4f6457be5c440c89362.zip | |
ovl: initialize ovl_copy_up_ctx.destname inside ovl_do_copy_up()
The ->destname member of struct ovl_copy_up_ctx is initialized inside
ovl_copy_up_one() to ->d_name of the overlayfs dentry being copied up
and then it may be overridden by index name inside ovl_do_copy_up().
ovl_inode_lock() in ovl_copy_up_start() and ovl_copy_up() in ovl_rename()
effectively stabilze ->d_name of the overlayfs dentry being copied up,
but ovl_inode_lock() is not held when ->d_name is being read.
It is not a correctness bug, because if ovl_do_copy_up() races with
ovl_rename() and ctx.destname is freed, we will not end up calling
ovl_do_copy_up() with the dead name reference.
The code becomes much easier to understand and to document if the
initialization of c->destname is always done inside ovl_do_copy_up(),
either to the index entry name, or to the overlay dentry ->d_name.
Signed-off-by: Amir Goldstein <[email protected]>
Diffstat (limited to 'security/selinux/hooks.c')
0 files changed, 0 insertions, 0 deletions