git.ipfire.org Git - thirdparty/linux.git/commit

author	Miklos Szeredi <mszeredi@redhat.com>
	Wed, 14 Jan 2026 14:53:38 +0000 (15:53 +0100)
committer	Christian Brauner <brauner@kernel.org>
	Fri, 16 Jan 2026 18:15:14 +0000 (19:15 +0100)
commit	cb8d2bdcb8241b66ca4ac4868f20e12cd6881ebc
tree	97daf2e5dbd891c4c3ea6d38a775077ca2f08bc3	tree \| snapshot
parent	4973d95679fb4f8bb4413dcb3bce435ef848285d	commit \| diff

fuse: fix race when disposing stale dentries

In fuse_dentry_tree_work() just before d_dispose_if_unused() the dentry
could get evicted, resulting in UAF.

Move unlocking dentry_hash[i].lock to after the dispose. To do this,
fuse_dentry_tree_del_node() needs to be moved from fuse_dentry_prune() to
fuse_dentry_release() to prevent an ABBA deadlock.

The lock ordering becomes:

-> dentry_bucket.lock
-> dentry.d_lock

Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Closes: https://lore.kernel.org/all/20251206014242.GO1712166@ZenIV/
Fixes: ab84ad597386 ("fuse: new work queue to periodically invalidate expired dentries")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Link: https://patch.msgid.link/20260114145344.468856-2-mszeredi@redhat.com
Signed-off-by: Christian Brauner <brauner@kernel.org>