Re: Re: [BUG] fs/notify/mark: A potential use after free in fsnotify_put_mark_wake

> -原始邮件- > 发件人: "Jan Kara" > 发送时间: 2021-03-29 21:57:40 (星期一) > 收件人: lyl2...@mail.ustc.edu.cn > 抄送: j...@suse.cz, amir7...@gmail.com, linux-fsde...@vger.kernel.org, > linux-kernel@vger.kernel.org > 主题: Re: [BUG] fs/notify/mark: A potential use after fr

Re: [BUG] fs/notify/mark: A potential use after free in fsnotify_put_mark_wake

Hello! On Sun 28-03-21 17:11:43, lyl2...@mail.ustc.edu.cn wrote: > My static analyzer tool reported a use after free in > fsnotify_put_mark_wake > of the file: fs/notify/mark.c. > > In fsnotify_put_mark_wake, it calls fsnotify_put_mark(mark). Inside the > function > fsnotify_put_mark(),

[BUG] fs/notify/mark: A potential use after free in fsnotify_put_mark_wake

Hi, My static analyzer tool reported a use after free in fsnotify_put_mark_wake of the file: fs/notify/mark.c. In fsnotify_put_mark_wake, it calls fsnotify_put_mark(mark). Inside the function fsnotify_put_mark(), if conn is NULL, it will call fsnotify_final_mark_destroy(mark) to free