sysfs: fix race between readdir and lseek
authorMing Lei <ming.lei@canonical.com>
Wed, 20 Mar 2013 15:25:24 +0000 (23:25 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 5 Apr 2013 17:04:16 +0000 (10:04 -0700)
commit01fadbb46b6da196c594ac2266674136cda465a6
treed6618c8c8da329a875715c42dd37e913ffd6c90e
parentd8022cb2b0ea2e5d926c9e2a041e411d71fd3d9e
sysfs: fix race between readdir and lseek

commit 991f76f837bf22c5bb07261cfd86525a0a96650c upstream.

While readdir() is running, lseek() may set filp->f_pos as zero,
then may leave filp->private_data pointing to one sysfs_dirent
object without holding its reference counter, so the sysfs_dirent
object may be used after free in next readdir().

This patch holds inode->i_mutex to avoid the problem since
the lock is always held in readdir path.

Reported-by: Dave Jones <davej@redhat.com>
Tested-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/sysfs/dir.c