Commit 400188ae authored Feb 13, 2025 by Sebastian Andrzej Siewior Committed by Greg Kroah-Hartman Feb 15, 2025

kernfs: Acquire kernfs_rwsem in kernfs_notify_workfn().



kernfs_notify_workfn() dereferences kernfs_node::name and passes it
later to fsnotify(). If the node is renamed then the previously observed
name pointer becomes invalid.

Acquire kernfs_root::kernfs_rwsem to block renames of the node.

Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Link: https://lore.kernel.org/r/20250213145023.2820193-2-bigeasy@linutronix.de


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent a64dcfb4

fs/kernfs/file.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -911,6 +911,7 @@ static void kernfs_notify_workfn(struct work_struct *work)
		/* kick fsnotify */

		down_read(&root->kernfs_supers_rwsem);
		down_read(&root->kernfs_rwsem);
		list_for_each_entry(info, &kernfs_root(kn)->supers, node) {
		struct kernfs_node *parent;
		struct inode *p_inode = NULL;
		@@ -947,6 +948,7 @@ static void kernfs_notify_workfn(struct work_struct *work)
		iput(inode);
		}

		up_read(&root->kernfs_rwsem);
		up_read(&root->kernfs_supers_rwsem);
		kernfs_put(kn);
		goto repeat;