Re: [PATCH] kernfs: Drop kernfs_rwsem while invoking lookup_positive_unlocked().

From: Tejun Heo
Date: Tue Feb 18 2025 - 14:21:29 EST


On Tue, Feb 18, 2025 at 05:39:38PM +0100, Sebastian Andrzej Siewior wrote:
> syzbot reported two warnings:
> - kernfs_node::name was accessed outside of an RCU section so it created a
> warning. The kernfs_rwsem was held so it was okay but it wasn't seen.
>
> - While kernfs_rwsem was held invoked lookup_positive_unlocked()->
> kernfs_dop_revalidate() which acquired kernfs_rwsem.
>
> kernfs_rwsem was both acquired as a read lock so it can be acquired
> twice. However if a writer acquires the lock after the first reader then
> neither the writer nor the second reader can obtain the lock so it
> deadlocks.
>
> The reason for the lock is to ensure that kernfs_node::name remains
> stable during lookup_positive_unlocked()'s invocation. The function
> cannot be invoked within an RCU section because it may sleep.
>
> Make a temporary copy of the kernfs_node::name under the lock so
> GFP_KERNEL can be used and use this instead.
>
> Reported-by: syzbot+ecccecbc636b455f9084@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: 5b2fabf7fe8f ("kernfs: Acquire kernfs_rwsem in kernfs_node_dentry().")
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>

Acked-by: Tejun Heo <tj@xxxxxxxxxx>

Thanks.

--
tejun