On 10/5/20 4:17 PM, Ananth N Mavinakayanahalli wrote:
> On 10/5/20 9:42 AM, Mahesh Salgaonkar wrote:
>> Every error log reported by OPAL is exported to userspace through a sysfs
>> interface and notified using kobject_uevent(). The userspace daemon
>> (opal_errd) then reads the error log and acknowledges it error log is saved
>> safely to disk. Once acknowledged the kernel removes the respective sysfs
>> file entry causing respective resources getting released including kobject.
>>
>> However there are chances where user daemon may already be scanning elog
>> entries while new sysfs elog entry is being created by kernel. User daemon
>> may read this new entry and ack it even before kernel can notify userspace
>> about it through kobject_uevent() call. If that happens then we have a
>> potential race between elog_ack_store->kobject_put() and kobject_uevent
>> which can lead to use-after-free issue of a kernfs object resulting into a
>> kernel crash. This patch fixes this race by protecting a sysfs file
>> creation/notification by holding an additional reference count on kobject
>> until we safely send kobject_uevent().
>>
>> Reported-by: Oliver O'Halloran <ooh...@gmail.com>
>> Signed-off-by: Mahesh Salgaonkar <mah...@linux.ibm.com>
>> Signed-off-by: Aneesh Kumar K.V <aneesh.ku...@linux.ibm.com>
>
> cc stable?
>

Will add it in v3.

Thanks,
-Mahesh.
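
Added example, not part of the thread or the patch: a single-threaded userspace C model of the ordering described in the quoted commit message, showing why an extra reference held until the uevent is sent keeps the object alive when the ack arrives early. The `model_*` names and `create_and_notify` are hypothetical stand-ins for the kobject refcount, `elog_ack_store` and `kobject_uevent()`; no kernel code is reproduced.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace stand-in for a kobject: a refcount plus a "released" flag,
 * so the model can report a use-after-free instead of committing one. */
struct model_kobj { int refcount; bool released; };

static void model_get(struct model_kobj *k) { k->refcount++; }

static void model_put(struct model_kobj *k)
{
    if (--k->refcount == 0)
        k->released = true;   /* the kernel would free the object here */
}

/* Stand-in for kobject_uevent(): false means it touched a released object. */
static bool model_uevent(const struct model_kobj *k) { return !k->released; }

/* Stand-in for the ack path (elog_ack_store -> kobject_put). */
static void model_ack(struct model_kobj *k) { model_put(k); }

/* Models creating one elog entry. early_ack simulates the daemon reading and
 * acking the new sysfs file before the kernel has sent the uevent. Returns
 * true when the uevent saw a live object and the object was released at the end. */
static bool create_and_notify(bool hold_extra_ref, bool early_ack)
{
    struct model_kobj k = { .refcount = 1, .released = false };
    bool live;

    if (hold_extra_ref)
        model_get(&k);        /* the fix: pin the object before it is visible */
    if (early_ack)
        model_ack(&k);        /* sysfs file is visible; daemon acks at once */
    live = model_uevent(&k);
    if (hold_extra_ref)
        model_put(&k);        /* drop the pin only after the uevent is sent */
    if (!early_ack)
        model_ack(&k);        /* usual order: ack arrives after the uevent */
    return live && k.released;
}

int main(void)
{
    printf("no extra ref, early ack: %s\n", create_and_notify(false, true) ? "ok" : "use-after-free");
    printf("extra ref,    early ack: %s\n", create_and_notify(true, true) ? "ok" : "use-after-free");
    return 0;
}
```
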