linux-stable/security
Stefan Berger 0b31e28fbd ima: Fix use-after-free on a dentry's dname.name
commit be84f32bb2 upstream.

->d_name.name can change on rename and the earlier value can be freed;
there are conditions sufficient to stabilize it (->d_lock on dentry,
->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
rename_lock), but none of those are met at any of the sites. Take a stable
snapshot of the name instead.

Link: https://lore.kernel.org/all/20240202182732.GE2087318@ZenIV/
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
2024-12-14 19:51:45 +01:00
..
apparmor apparmor: test: Fix memory leak for aa_unpack_strdup() 2024-12-14 19:51:14 +01:00
bpf bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 2024-10-17 15:11:18 +02:00
integrity ima: Fix use-after-free on a dentry's dname.name 2024-12-14 19:51:45 +01:00
keys security/keys: fix slab-out-of-bounds in key_task_permission 2024-11-14 13:13:36 +01:00
landlock landlock: Don't lose track of restrictions on cred_transfer 2024-08-19 05:45:10 +02:00
loadpin LoadPin: Ignore the "contents" argument of the LSM hooks 2022-12-31 13:14:45 +01:00
lockdown
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux selinux: improve error checking in sel_write_load() 2024-11-01 01:52:38 +01:00
smack selinux,smack: don't bypass permissions check in inode_setsecctx hook 2024-10-17 15:11:10 +02:00
tomoyo tomoyo: fallback to realpath if symlink's pathname does not exist 2024-10-17 15:11:41 +02:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 2022-11-10 18:15:39 +01:00
device_cgroup.c device_cgroup: Roll back to original exceptions after copy failure 2023-01-12 11:58:59 +01:00
inode.c
Kconfig proc: add config & param to block forcing mem writes 2024-10-17 15:11:27 +02:00
Kconfig.hardening security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 2022-12-31 13:14:46 +01:00
lsm_audit.c audit: remove unnecessary 'ret' initialization 2021-06-11 13:21:28 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c
security.c ima: Avoid blocking in RCU read-side critical section 2024-07-18 13:07:34 +02:00