From: Sebastian Andrzej Siewior bigeasy@linutronix.de
[ Upstream commit 400188ae361a9d9a72a47a6cedaf2d2efcc84aa8 ]
kernfs_notify_workfn() dereferences kernfs_node::name and passes it later to fsnotify(). If the node is renamed then the previously observed name pointer becomes invalid.
Acquire kernfs_root::kernfs_rwsem to block renames of the node.
Acked-by: Tejun Heo tj@kernel.org Signed-off-by: Sebastian Andrzej Siewior bigeasy@linutronix.de Link: https://lore.kernel.org/r/20250213145023.2820193-2-bigeasy@linutronix.de Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Sasha Levin sashal@kernel.org --- fs/kernfs/file.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c
index 332d08d2fe0d5..501502cd5194e 100644
--- a/fs/kernfs/file.c
+++ b/fs/kernfs/file.c
@@ -926,6 +926,7 @@ static void kernfs_notify_workfn(struct work_struct *work)
 /* kick fsnotify */
down_read(&root->kernfs_supers_rwsem);
+ down_read(&root->kernfs_rwsem);
 list_for_each_entry(info, &kernfs_root(kn)->supers, node) {
 struct kernfs_node *parent;
 struct inode *p_inode = NULL;
@@ -962,6 +963,7 @@ static void kernfs_notify_workfn(struct work_struct *work)
 iput(inode);
 }
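Review bot: The added `down_read(&root->kernfs_rwsem)` nests kernfs_rwsem inside kernfs_supers_rwsem, but nothing at the call site records that ordering or says what the second lock protects. A one-line comment above it would keep the reason next to the code, for example `/* kernfs_rwsem blocks rename so kn->name stays valid for fsnotify(); nests inside kernfs_supers_rwsem */`. Whether any other path takes the two semaphores in the opposite order cannot be seen from this hunk, so a lockdep-enabled run of the notify path is worth doing before relying on the new nesting. The body of kernfs_notify_workfn starts and ends outside the hunk.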
+ up_read(&root->kernfs_rwsem);
 up_read(&root->kernfs_supers_rwsem);
 kernfs_put(kn);
 goto repeat;
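Review bot: The `iput(inode)` in the context lines now runs with kernfs_rwsem held for read, because the release sits after the whole supers loop rather than after the last use of the name. If dropping the final inode reference can reach code that takes kernfs_rwsem for write, the worker would block on itself. That path is not visible here, so it should be confirmed rather than assumed. A short comment on the release would make the intended scope explicit, for example `/* rename may proceed again; released in reverse order of acquisition */`. The loop body between the two hunks lies outside the visible lines.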