kernfs_notify_workfn() dereferences kernfs_node::name and passes it later to fsnotify(). If the node is renamed then the previously observed name pointer becomes invalid. Acquire kernfs_root::kernfs_rwsem to block renames of the node.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
---
 fs/kernfs/file.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c
index 8502ef68459b9..38033caeaea51 100644
--- a/fs/kernfs/file.c
+++ b/fs/kernfs/file.c
@@ -911,6 +911,7 @@ static void kernfs_notify_workfn(struct work_struct *work)
 /* kick fsnotify */
 down_read(&root->kernfs_supers_rwsem);
+ down_read(&root->kernfs_rwsem);
 list_for_each_entry(info, &kernfs_root(kn)->supers, node) {
 struct kernfs_node *parent;
 struct inode *p_inode = NULL;
@@ -948,6 +949,7 @@ static void kernfs_notify_workfn(struct work_struct *work)
 }
 up_read(&root->kernfs_supers_rwsem);
+ up_read(&root->kernfs_rwsem);
 kernfs_put(kn);
 goto repeat;
 }
-- 
2.47.2
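Review bot: The release order in the second hunk does not mirror the acquisition order in the first: kernfs_rwsem is taken after kernfs_supers_rwsem but is also dropped after it, so the two critical sections overlap rather than nest. Both are read-side acquisitions, so this is not a deadlock by itself, but it blurs the lock hierarchy the first hunk establishes (kernfs_supers_rwsem outer, kernfs_rwsem inner) and is the kind of thing lockdep annotations and later write-side conversions trip over; swapping the two calls, `up_read(&root->kernfs_rwsem);` followed by `up_read(&root->kernfs_supers_rwsem);`, keeps the nesting LIFO. The reason for the new lock is only in the commit message, so a one-line comment on the added down_read() would help the next reader: `/* hold kernfs_rwsem so kn->name cannot be changed by a rename while fsnotify() uses it */`. The loop body between the two hunks, and the start and end of kernfs_notify_workfn(), are outside this patch; it is worth confirming that nothing called from that loop (inode lookup, fsnotify) takes kernfs_rwsem itself, since a nested down_read() of the same rwsem can block behind a queued writer.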