On Mon, Oct 5, 2020 at 11:07 PM Ananth N Mavinakayanahalli <ana...@linux.ibm.com> wrote:
>
> On 10/5/20 9:42 AM, Mahesh Salgaonkar wrote:
> > Every error log reported by OPAL is exported to userspace through a sysfs
> > interface and notified using kobject_uevent(). The userspace daemon
> > (opal_errd) then reads the error log and acknowledges it error log is saved
> > safely to disk. Once acknowledged the kernel removes the respective sysfs
> > file entry causing respective resources getting released including kobject.
> >
> > However there are chances where user daemon may already be scanning elog
> > entries while new sysfs elog entry is being created by kernel. User daemon
> > may read this new entry and ack it even before kernel can notify userspace
> > about it through kobject_uevent() call. If that happens then we have a
> > potential race between elog_ack_store->kobject_put() and kobject_uevent
> > which can lead to use-after-free issue of a kernfs object resulting into a
> > kernel crash. This patch fixes this race by protecting a sysfs file
> > creation/notification by holding an additional reference count on kobject
> > until we safely send kobject_uevent().
> >
> > Reported-by: Oliver O'Halloran <ooh...@gmail.com>
> > Signed-off-by: Mahesh Salgaonkar <mah...@linux.ibm.com>
> > Signed-off-by: Aneesh Kumar K.V <aneesh.ku...@linux.ibm.com>
>
> cc stable?
+1
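
The reference-counting fix described in the quoted commit message, as an added example that is not part of this thread or of the kernel patch: a deterministic userspace model in C that forces the daemon's ack to land between entry creation and notification, with and without the additional reference. All names (`elog_model`, `model_get`, `model_put`, `model_uevent`, `create_and_notify`) are hypothetical, and a `released` flag stands in for the actual free so the unsafe ordering can be observed without touching freed memory.

```c
#include <stdio.h>

/* Userspace model only; all names here are hypothetical, not kernel code. */
struct elog_model {
    int refcount;  /* stands in for the kobject reference count */
    int released;  /* set when the last reference is dropped (real code frees here) */
};

static void model_get(struct elog_model *e) { e->refcount++; }

static void model_put(struct elog_model *e)
{
    if (--e->refcount == 0)
        e->released = 1;
}

/* Notification step: -1 means it would have touched an already released object. */
static int model_uevent(const struct elog_model *e) { return e->released ? -1 : 0; }

/*
 * Create, publish, notify. ack_races forces the daemon's ack (which drops the
 * entry's own reference) to land between publish and notify. hold_extra_ref
 * selects the ordering with the additional reference held across the window.
 * Returns the notify result; *released_out reports the final object state.
 */
int create_and_notify(int hold_extra_ref, int ack_races, int *released_out)
{
    struct elog_model e = { .refcount = 1, .released = 0 };
    int rc;

    if (hold_extra_ref)
        model_get(&e);      /* pin the object before it becomes visible */
    /* the sysfs entry is visible to userspace from this point */
    if (ack_races)
        model_put(&e);      /* daemon read and acked before the notification */
    rc = model_uevent(&e);
    if (hold_extra_ref)
        model_put(&e);      /* drop the pin; the release happens here if acked */
    *released_out = e.released;
    return rc;
}

int main(void)
{
    int released;
    printf("no extra ref, racing ack: %d\n", create_and_notify(0, 1, &released));
    printf("extra ref, racing ack:    %d\n", create_and_notify(1, 1, &released));
    return 0;
}
```

With the extra reference the early ack only decrements the count, and the release is deferred to the final put after the notification, so the object is neither used after release nor leaked.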