www.infradead.org Git - users/jedix/linux-maple.git/commit
kernfs: Drop kernfs_rwsem while invoking lookup_positive_unlocked().
author Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Tue, 18 Feb 2025 16:39:38 +0000 (17:39 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 19 Feb 2025 16:07:41 +0000 (17:07 +0100)
commit 6ef5b6fae304091593956be59065c0c8633ad9e8
tree 084defd6dd2a5ef59b4ba40a5ad766b2b9922853
parent 2ce177e9b3649afa9c19cc71460f3ad50e7fd344
kernfs: Drop kernfs_rwsem while invoking lookup_positive_unlocked().

syzbot reported two warnings:
- kernfs_node::name was accessed outside of an RCU section so it created
  a warning. The kernfs_rwsem was held so it was okay but it wasn't seen.

- While kernfs_rwsem was held invoked lookup_positive_unlocked()->
  kernfs_dop_revalidate() which acquired kernfs_rwsem.

kernfs_rwsem was both acquired as a read lock so it can be acquired
twice. However if a writer acquires the lock after the first reader then
neither the writer nor the second reader can obtain the lock so it
deadlocks.

The reason for the lock is to ensure that kernfs_node::name remains
stable during lookup_positive_unlocked()'s invocation. The function can
not be invoked within an RCU section because it may sleep.

Make a temporary copy of the kernfs_node::name under the lock so
GFP_KERNEL can be used and use this instead.

Reported-by: syzbot+ecccecbc636b455f9084@syzkaller.appspotmail.com
Fixes: 5b2fabf7fe8f ("kernfs: Acquire kernfs_rwsem in kernfs_node_dentry().")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Acked-by: Tejun Heo <tj@kernel.org>
Link: https://lore.kernel.org/r/20250218163938.xmvjlJ0K@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/kernfs/mount.c
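
The lock ordering described in the commit message, as an added userspace example that is not code from this commit or from the kernel. It assumes a simplified model in which a new reader queues behind a waiting writer; `model_rwsem` and every function name below are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model (an assumption, not the kernel's rwsem code): a new
 * reader must queue behind any writer that is already waiting. */
struct model_rwsem { int readers; bool writer; int waiting_writers; };

static bool model_read_trylock(struct model_rwsem *s)
{
	if (s->writer || s->waiting_writers > 0)
		return false;                 /* a real reader would sleep here */
	s->readers++;
	return true;
}

/* A writer arrives: it takes the lock if it is free, otherwise it queues. */
static bool model_write_arrive(struct model_rwsem *s)
{
	bool is_free = !s->writer && s->readers == 0;
	if (is_free)
		s->writer = true;
	else
		s->waiting_writers++;
	return is_free;
}

/* Old pattern: the read lock is held across a callee that read-locks again.
 * The caller unlocks only after the callee returns, so nobody can progress. */
bool nested_read_deadlocks(void)
{
	struct model_rwsem s = {0};
	model_read_trylock(&s);                    /* caller's read lock */
	model_write_arrive(&s);                    /* writer queues behind it */
	bool inner = model_read_trylock(&s);       /* callee blocks on the writer */
	return !inner && s.readers == 1 && s.waiting_writers == 1;
}

/* Fixed pattern: copy the name under the lock, unlock, then call out. */
bool copy_then_call_deadlocks(const char *name, char *copy, size_t len)
{
	struct model_rwsem s = {0};
	model_read_trylock(&s);
	snprintf(copy, len, "%s", name);           /* private, stable copy */
	s.readers--;                               /* read unlock before the call */
	bool wrote = model_write_arrive(&s);       /* no reader left: writer runs */
	s.writer = false;                          /* writer finishes and unlocks */
	return !(wrote && model_read_trylock(&s)); /* callee's read lock succeeds */
}
```

In the fixed pattern the callee can still wait for a writer, but that writer is no longer waiting on the caller, so the wait ends.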