    sysfs: check if one entry has been removed before freeing · bb2b0051
    Ming Lei authored
    It might be a kernel disaster if one sysfs entry is freed but
    still referenced by sysfs tree.
    
    Recently Dave and Sasha reported one use-after-free problem on
    sysfs entry, and the problem has been troubleshot with the help
    of the debug message added in this patch.
    
    Given sysfs_get_dirent/sysfs_put are exported APIs, even inside
    sysfs they are called in many contexts (kobject/attribute add/delete,
    inode init/drop, dentry lookup/release, readdir, ...), it is healthful
    to check the removed flag before freeing one entry and dump a message
    if it is freeing without being removed first.
    
    Cc: Dave Jones <davej@redhat.com>
    Cc: Sasha Levin <levinsasha928@gmail.com>
    Signed-off-by: Ming Lei <ming.lei@canonical.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
dir.c 25.4 KB
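The check the commit message describes, sketched as an added userspace model (not the kernel patch and not the contents of dir.c): a reference-counted tree entry reports when its last reference is dropped while it is still linked. All names here (`struct entry`, `ENT_FLAG_REMOVED`, `entry_put`, `run_lifecycle`) are hypothetical.

```c
/* Userspace model with hypothetical names; not the kernel's sysfs code. */
#include <stdio.h>
#include <stdlib.h>

#define ENT_FLAG_REMOVED 0x1u          /* set when unlinked from the tree */

struct entry {
    int refcount;
    unsigned flags;
    struct entry *parent;              /* child holds a reference on parent */
    const char *name;
};
static int unremoved_frees;            /* how many times the check fired */

static struct entry *entry_new(const char *name, struct entry *parent) {
    struct entry *e = calloc(1, sizeof(*e));
    if (!e) abort();
    e->refcount = 1;                   /* the tree's own reference */
    e->name = name;
    e->parent = parent;
    if (parent) parent->refcount++;
    return e;
}
static void entry_get(struct entry *e)    { e->refcount++; }
static void entry_remove(struct entry *e) { e->flags |= ENT_FLAG_REMOVED; }

static void entry_put(struct entry *e) {
    while (e && --e->refcount == 0) {
        struct entry *parent = e->parent;
        if (!(e->flags & ENT_FLAG_REMOVED)) {   /* still linked: report it */
            unremoved_frees++;
            fprintf(stderr, "freeing entry '%s' that was never removed\n", e->name);
        }
        free(e);
        e = parent;                    /* drop the reference held on parent */
    }
}

/* extra_put != 0 simulates a caller that drops one reference too many. */
static int run_lifecycle(int extra_put) {
    struct entry *root = entry_new("root", NULL);
    struct entry *child = entry_new("attr", root);
    unremoved_frees = 0;
    entry_get(child);                  /* e.g. a lookup takes a reference */
    entry_put(child);
    if (extra_put) entry_put(child);   /* unbalanced put frees a linked entry */
    else { entry_remove(child); entry_put(child); }
    entry_remove(root);
    entry_put(root);
    return unremoved_frees;
}
int main(void) { return run_lifecycle(0) != 0 || run_lifecycle(1) != 1; }
```

The check only detects the unbalanced release at the moment of the free; the tree's dangling pointer to the freed entry is what a later use-after-free would follow.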