kernfs: Acquire kernfs_rwsem in kernfs_notify_workfn().

kernfs_notify_workfn() dereferences kernfs_node::name and passes it later to fsnotify(). If the node is renamed then the previously observed name pointer becomes invalid. Acquire kernfs_root::kernfs_rwsem to block renames of the node. Acked-by: Tejun Heo <[email protected]> Signed-off-by: Sebastian Andrzej Siewior <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
author: Sebastian Andrzej Siewior <[email protected]> 2025-02-13 14:50:18 +0000
committer: Greg Kroah-Hartman <[email protected]> 2025-02-15 16:46:32 +0000
commit: 400188ae361a9d9a72a47a6cedaf2d2efcc84aa8 (patch)
tree: a1c6ee54247791f6b519b2f7e15a5d827bf99d74
parent: Linux 6.14-rc2 (diff)
download: kernel-400188ae361a9d9a72a47a6cedaf2d2efcc84aa8.tar.gz
kernel-400188ae361a9d9a72a47a6cedaf2d2efcc84aa8.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c
index 0eb320617d7b..c4ffa8dc89eb 100644
--- a/fs/kernfs/file.c
+++ b/fs/kernfs/file.c
@@ -911,6 +911,7 @@ repeat:
 	/* kick fsnotify */
 
 	down_read(&root->kernfs_supers_rwsem);
+	down_read(&root->kernfs_rwsem);
 	list_for_each_entry(info, &kernfs_root(kn)->supers, node) {
 		struct kernfs_node *parent;
 		struct inode *p_inode = NULL;
@@ -947,6 +948,7 @@ repeat:
 		iput(inode);
 	}
 
+	up_read(&root->kernfs_rwsem);
 	up_read(&root->kernfs_supers_rwsem);
 	kernfs_put(kn);
 	goto repeat;
author	Sebastian Andrzej Siewior <[email protected]>	2025-02-13 14:50:18 +0000
committer	Greg Kroah-Hartman <[email protected]>	2025-02-15 16:46:32 +0000
commit	400188ae361a9d9a72a47a6cedaf2d2efcc84aa8 (patch)
tree	a1c6ee54247791f6b519b2f7e15a5d827bf99d74
parent	Linux 6.14-rc2 (diff)
download	kernel-400188ae361a9d9a72a47a6cedaf2d2efcc84aa8.tar.gz kernel-400188ae361a9d9a72a47a6cedaf2d2efcc84aa8.zip