kernfs: Acquire kernfs_rwsem in kernfs_notify_workfn().

kernfs_notify_workfn() dereferences kernfs_node::name and passes it
later to fsnotify(). If the node is renamed then the previously observed
name pointer becomes invalid.

Acquire kernfs_root::kernfs_rwsem to block renames of the node.

Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Link: https://lore.kernel.org/r/20250213145023.2820193-2-bigeasy@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c
index 0eb320617d7b18e3a8a44168fe93c7da2bbcb1f3..c4ffa8dc89ebc0228ca44988bf67498bcd5a5798 100644 (file)
--- a/fs/kernfs/file.c
+++ b/fs/kernfs/file.c
@@ -911,6 +911,7 @@ repeat:
        /* kick fsnotify */
 
        down_read(&root->kernfs_supers_rwsem);
+       down_read(&root->kernfs_rwsem);
        list_for_each_entry(info, &kernfs_root(kn)->supers, node) {
                struct kernfs_node *parent;
                struct inode *p_inode = NULL;
@@ -947,6 +948,7 @@ repeat:
                iput(inode);
        }
 
+       up_read(&root->kernfs_rwsem);
        up_read(&root->kernfs_supers_rwsem);
        kernfs_put(kn);
        goto repeat;