Re: [PATCH] kernfs: fix suspicious RCU usage in kernfs_put()

[Tejun Heo]

On Thu, Apr 16, 2026 at 09:43:15AM -0400, Conor Kotwasinski wrote:
> Commit 741c10b096bc ("kernfs: Use RCU to access kernfs_node::name.")
> converted the WARN_ONCE() in kernfs_put() to read kn->name and
> parent->name via rcu_dereference(), but kernfs_put() has callers that
> hold neither kernfs_rwsem nor the RCU read lock. The inode eviction
> path driven by memory reclaim is one such case:
> 
>   kernfs_put+0x53/0x60 fs/kernfs/dir.c:602
>   evict+0x3c2/0xad0 fs/inode.c:846
>   iput_final fs/inode.c:1966 [inline]
>   iput.part.0+0x605/0xf50 fs/inode.c:2015
>   iput+0x35/0x40 fs/inode.c:1981
>   dentry_unlink_inode+0x2a1/0x490 fs/dcache.c:467
>   __dentry_kill+0x1d0/0x600 fs/dcache.c:670
>   shrink_dentry_list+0x180/0x5e0 fs/dcache.c:1174
>   prune_dcache_sb+0xea/0x150 fs/dcache.c:1256
>   super_cache_scan+0x328/0x550 fs/super.c:223
>   ...
>   kswapd+0x556/0xba0 mm/vmscan.c:7343
> 
> lockdep complains with "suspicious RCU usage" whenever the WARN
> fires from such a context.
> 
> Wrap the rcu_dereference() calls in an RCU read-side critical section.
> Gate on the active-ref check so the lock is only taken when the WARN
> is about to fire.
> 
> Note that this does not address the underlying imbalance in
> kn->active that triggers the WARN.
> 
> Fixes: 741c10b096bc ("kernfs: Use RCU to access kernfs_node::name.")
> Reported-by: syzbot+0dfe499ea713e0a15bec@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=0dfe499ea713e0a15bec
> 
> Signed-off-by: Conor Kotwasinski <conorkotwasinski2024@xxxxxxxxxxxxxxxxxx>

Acked-by: Tejun Heo <tj@xxxxxxxxxx>

Thanks.

-- 
tejun