diff options
| author | Pasha Tatashin <pasha.tatashin@soleen.com> | 2026-05-27 23:27:34 +0300 |
|---|---|---|
| committer | Mike Rapoport (Microsoft) <rppt@kernel.org> | 2026-06-01 09:19:38 +0300 |
| commit | d3ae9e7fddb4036f50003d7fa1ef52801fdb961b (patch) | |
| tree | 126f2737a389e48e32962f2dd44bcc34a771321e | |
| parent | 5eff62b051fbdb686e885c1468301d964f2e3d66 (diff) | |
| download | linux-d3ae9e7fddb4036f50003d7fa1ef52801fdb961b.tar.xz | |
liveupdate: fix TOCTOU race in luo_session_retrieve()
Extend the scope of the rwsem_read lock in luo_session_retrieve() to
overlap with the acquisition of the session mutex. This prevents a
concurrent thread from releasing and freeing the session between the
lookup and the mutex lock.
Fixes: 0153094d03df ("liveupdate: luo_session: add sessions support")
Acked-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Reviewed-by: Pratyush Yadav (Google) <pratyush@kernel.org>
Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Link: https://patch.msgid.link/20260527202737.1345192-3-pasha.tatashin@soleen.com
Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
| -rw-r--r-- | kernel/liveupdate/luo_session.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/kernel/liveupdate/luo_session.c b/kernel/liveupdate/luo_session.c index 099db679bdc5..a1c742eeb444 100644 --- a/kernel/liveupdate/luo_session.c +++ b/kernel/liveupdate/luo_session.c @@ -463,12 +463,11 @@ int luo_session_retrieve(const char *name, struct file **filep) struct luo_session *it; int err; - scoped_guard(rwsem_read, &sh->rwsem) { - list_for_each_entry(it, &sh->list, list) { - if (!strncmp(it->name, name, sizeof(it->name))) { - session = it; - break; - } + guard(rwsem_read)(&sh->rwsem); + list_for_each_entry(it, &sh->list, list) { + if (!strncmp(it->name, name, sizeof(it->name))) { + session = it; + break; } } |
