• Li Zefan's avatar
    cgroup: fix cgroup_path() vs rename() race · 65dff759
    Li Zefan authored
    rename() will change dentry->d_name. The result of this race can
    be worse than seeing partially rewritten name, but we might access
    a stale pointer because rename() will re-allocate memory to hold
    a longer name.
    
    As accessing dentry->name must be protected by dentry->d_lock or
    parent inode's i_mutex, while on the other hand cgroup-path() can
    be called with some irq-safe spinlocks held, we can't generate
    cgroup path using dentry->d_name.
    
    Alternatively we make a copy of dentry->d_name and save it in
    cgrp->name when a cgroup is created, and update cgrp->name at
    rename().
    
    v5: use flexible array instead of zero-size array.
    v4: - allocate root_cgroup_name and all root_cgroup->name points to it.
        - add cgroup_name() wrapper.
    v3: use kfree_rcu() instead of synchronize_rcu() in user-visible path.
    v2: make cgrp->name RCU safe.
    Signed-off-by: default avatarLi Zefan <lizefan@huawei.com>
    Signed-off-by: default avatarTejun Heo <tj@kernel.org>
    65dff759
blk-cgroup.h 15.1 KB