[Bug report] hash_name() may cross page boundary and trigger sleep in RCU context
Zizhi Wo
wozizhi at huaweicloud.com
Sun Nov 30 18:38:49 PST 2025
在 2025/11/29 11:55, Al Viro 写道:
> On Sat, Nov 29, 2025 at 09:02:27AM +0800, Zizhi Wo wrote:
>
>> Thank you very much for the answer. For the vmalloc area, I checked the
>> call points on the vfs side, such as dentry_string_cmp() or hash_name().
>> Their "names addr" are all assigned by kmalloc(), so there should be no
>> corresponding issues. But I'm not familiar with the other calling
>> points...
>
> Pathname might be a symlink body, sitting in page cache or whatever
> ->get_link() has returned...
>
Thanks for the additional explanation — I indeed hadn't considered
symlinks. But if the data is in the page cache, as I understand it, its
address wouldn't be in the vmalloc area, right? However, for other
.get_link implementations, it's true that there's no guarantee.
Thanks,
Zizhi Wo
More information about the linux-arm-kernel
mailing list