[PATCH 2/2] fs/proc: take rcu_read_lock() in proc_sys_compare()
From: NeilBrown
Date: Wed Jun 11 2025 - 19:07:53 EST
proc_sys_compare() is the ->d_compare function for /proc/sys.
It uses rcu_dereference() which assumes the RCU read lock is held and
can complain if it isn't.
However there is no guarantee that this lock is held by d_same_name()
(the caller of ->d_compare). In particularly d_alloc_parallel() calls
d_same_name() after rcu_read_unlock().
So this patch calls rcu_read_lock() before accessing the inode (which
seems to be the focus of RCU protection here), and drops it afterwards.
Signed-off-by: NeilBrown <neil@xxxxxxxxxx>
---
fs/proc/proc_sysctl.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index cc9d74a06ff0..a4cdc0a189ef 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -917,19 +917,23 @@ static int proc_sys_compare(const struct dentry *dentry,
{
struct ctl_table_header *head;
struct inode *inode;
+ int ret;
/* Although proc doesn't have negative dentries, rcu-walk means
* that inode here can be NULL */
/* AV: can it, indeed? */
+ rcu_read_lock();
inode = d_inode_rcu(dentry);
- if (!inode)
- return 1;
- if (name->len != len)
- return 1;
- if (memcmp(name->name, str, len))
- return 1;
- head = rcu_dereference(PROC_I(inode)->sysctl);
- return !head || !sysctl_is_seen(head);
+ if (!inode ||
+ name->len != len ||
+ memcmp(name->name, str, len)) {
+ ret = 1;
+ } else {
+ head = rcu_dereference(PROC_I(inode)->sysctl);
+ ret = !head || !sysctl_is_seen(head);
+ }
+ rcu_read_unlock();
+ return ret;
}
static const struct dentry_operations proc_sys_dentry_operations = {
--
2.49.0