diff options
| author | Ming Lei <ming.lei@canonical.com> | 2013-03-20 23:25:24 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-04-05 10:16:36 -0700 |
| commit | f366c8f271888f48e15cc7c0ab70f184c220c8a4 (patch) | |
| tree | aebc7a00320fab15591ccac294f3ea4c87e729f6 /kernel/trace | |
| parent | 3d8c163a2ecea7dd6c2c9efd68b6348ef0248733 (diff) | |
| download | kernel_samsung_tuna-f366c8f271888f48e15cc7c0ab70f184c220c8a4.zip kernel_samsung_tuna-f366c8f271888f48e15cc7c0ab70f184c220c8a4.tar.gz kernel_samsung_tuna-f366c8f271888f48e15cc7c0ab70f184c220c8a4.tar.bz2 | |
sysfs: fix race between readdir and lseek
commit 991f76f837bf22c5bb07261cfd86525a0a96650c upstream.
While readdir() is running, lseek() may set filp->f_pos as zero,
then may leave filp->private_data pointing to one sysfs_dirent
object without holding its reference counter, so the sysfs_dirent
object may be used after free in next readdir().
This patch holds inode->i_mutex to avoid the problem since
the lock is always held in readdir path.
Reported-by: Dave Jones <davej@redhat.com>
Tested-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'kernel/trace')
0 files changed, 0 insertions, 0 deletions