The patch titled
fix sysfs_readdir oops
has been added to the -mm tree. Its filename is
fix-sysfs_readdir-oops.patch
*** Remember to use Documentation/SubmitChecklist when testing your code ***
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: fix sysfs_readdir oops
From: Maneesh Soni <maneesh@xxxxxxxxxx>
o sysfs_d_iput() is invoked in dentry reclaim path under memory pressure. This
happens without i_mutex. It also nullifies s_dentry to indicate that
the associated dentry is evicted. sysfs_readdir() accesses the s_dentry,
and gets the inode number from the associated dentry->d_inode, if
there is one, else it invokes iunique(). This can create a race situation,
and crash while accessing the d_inode in sysfs_readdir().
o The race happens when the dentry is getting reclaimed and detached from
the corresponding sysfs_dirent though sysfs_dirent is still a valid
node. Accessing dentry fields are ok as it is under RCU but the inode is
not hence we may see oops accessing dentry->d_inode->i_no.
o The following patch always use i_unique() to get the inode number in
sysfs_readdir. This is ok as sysfs doesnot have permanent inode numbering.
It could be slower but avoids the oops.
Signed-off-by: Maneesh Soni <maneesh@xxxxxxxxxx>
Cc: Dipankar Sarma <dipankar@xxxxxxxxxx>
Cc: Ethan Solomita <solo@xxxxxxxxxx>
Cc: Greg KH <greg@xxxxxxxxx>
Cc: Martin Bligh <mbligh@xxxxxxxxxx>
Cc: Rohit Seth <rohitseth@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
fs/sysfs/dir.c | 5 +----
1 files changed, 1 insertion(+), 4 deletions(-)
diff -puN fs/sysfs/dir.c~fix-sysfs_readdir-oops fs/sysfs/dir.c
--- a/fs/sysfs/dir.c~fix-sysfs_readdir-oops
+++ a/fs/sysfs/dir.c
@@ -538,10 +538,7 @@ static int sysfs_readdir(struct file * f
name = sysfs_get_name(next);
len = strlen(name);
- if (next->s_dentry)
- ino = next->s_dentry->d_inode->i_ino;
- else
- ino = iunique(sysfs_sb, 2);
+ ino = iunique(sysfs_sb, 2);
if (filldir(dirent, name, len, filp->f_pos, ino,
dt_type(next)) < 0)
_
Patches currently in -mm which might be from maneesh@xxxxxxxxxx are
fix-sysfs_readdir-oops.patch
fix-quadratic-behavior-of-shrink_dcache_parent.patch
kprobes-print-details-of-kretprobe-on-assertion-failure.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
