Commit 8a65e057 authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] security oops fix

From: Stephen Smalley <sds@epoch.ncsc.mil>

Looking at d_splice_alias, it appears that the security_d_instantiate call
in the first case (where it ends up moving an entry in place of the given
dentry) should be passing 'new' rather than 'dentry' to ensure that the
passed dentry is associated with the inode.  This patch should fix the
problem.

(Addresses bugzilla #2153)
parent e84f0355
...@@ -895,7 +895,7 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry) ...@@ -895,7 +895,7 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry)
new = list_entry(inode->i_dentry.next, struct dentry, d_alias); new = list_entry(inode->i_dentry.next, struct dentry, d_alias);
__dget_locked(new); __dget_locked(new);
spin_unlock(&dcache_lock); spin_unlock(&dcache_lock);
security_d_instantiate(dentry, inode); security_d_instantiate(new, inode);
d_rehash(dentry); d_rehash(dentry);
d_move(new, dentry); d_move(new, dentry);
iput(inode); iput(inode);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment