[PATCH v2] powernv/elog: Fix the race while processing OPAL error log event.

Oliver O'Halloran oohall at gmail.com
Tue Oct 6 11:22:21 AEDT 2020


On Mon, Oct 5, 2020 at 11:07 PM Ananth N Mavinakayanahalli
<ananth at linux.ibm.com> wrote:
>
> On 10/5/20 9:42 AM, Mahesh Salgaonkar wrote:
> > Every error log reported by OPAL is exported to userspace through a sysfs
> > interface and notified using kobject_uevent(). The userspace daemon
> > (opal_errd) then reads the error log and acknowledges that the error log is saved
> > safely to disk. Once acknowledged the kernel removes the respective sysfs
> > file entry causing respective resources getting released including kobject.
> >
> > However there are chances where user daemon may already be scanning elog
> > entries while new sysfs elog entry is being created by kernel. User daemon
> > may read this new entry and ack it even before kernel can notify userspace
> > about it through kobject_uevent() call. If that happens then we have a
> > potential race between elog_ack_store->kobject_put() and kobject_uevent
> > which can lead to use-after-free issue of a kernfs object resulting into a
> > kernel crash. This patch fixes this race by protecting a sysfs file
> > creation/notification by holding an additional reference count on kobject
> > until we safely send kobject_uevent().
> >
> > Reported-by: Oliver O'Halloran <oohall at gmail.com>
> > Signed-off-by: Mahesh Salgaonkar <mahesh at linux.ibm.com>
> > Signed-off-by: Aneesh Kumar K.V <aneesh.kumar at linux.ibm.com>
>
> cc stable?

+1
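
Added example, not part of the original thread or the patch: a userspace C model of the interleaving the commit message describes, where the daemon's ack lands between sysfs file creation and kobject_uevent(). The model_* names and the hold_extra_ref switch are hypothetical stand-ins, not kernel APIs.

```c
#include <stdbool.h>

/* Userspace model of a kobject: a refcount plus a "released" flag, so the
 * model can report a use-after-release without touching freed memory. */
struct model_kobj {
    int refcount;
    bool released;   /* set when the last reference is dropped */
    bool visible;    /* sysfs entry exists, so userspace can ack it */
};

static void model_get(struct model_kobj *k) { k->refcount++; }
static void model_put(struct model_kobj *k)
{
    if (--k->refcount == 0) {
        k->released = true;
        k->visible = false;
    }
}

/* Stand-in for elog_ack_store(): the ack drops the creation reference. */
static void model_ack(struct model_kobj *k)
{
    if (k->visible)
        model_put(k);
}

/* Stand-in for kobject_uevent(): false means it ran on a released object. */
static bool model_uevent(const struct model_kobj *k) { return !k->released; }

/* Create the entry, let the daemon ack it before the notification (the racy
 * ordering), then notify. hold_extra_ref selects the behaviour with the fix. */
bool create_and_notify(bool hold_extra_ref)
{
    struct model_kobj k = { .refcount = 1, .released = false, .visible = false };
    bool ok;

    if (hold_extra_ref)
        model_get(&k);      /* extra reference held until the uevent is sent */
    k.visible = true;       /* sysfs file created */
    model_ack(&k);          /* daemon scans, reads and acks before the uevent */
    ok = model_uevent(&k);  /* notification runs after the ack */
    if (hold_extra_ref)
        model_put(&k);      /* drop the extra reference; release happens here */
    return ok;
}

int main(void)
{
    return (!create_and_notify(false) && create_and_notify(true)) ? 0 : 1;
}
```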

