[PATCH] sysfs: pin kobjects to fix use-after-free crashes
From: Maneesh Soni <maneesh@in.ibm.com>

Fix a sysfs use-after-free crash. The problem we have is of the kobject
going away while we have a live dentry (the corresponding sysfs directory)
still pointing to it through d_fsdata pointer. The patch makes sure to keep
the kobject alive by taking a reference to it during the lifetime of the
corresponding dentry.

o The following pins the kobject when sysfs assigns dentry and inode to
  the kobject. This ensures that kobject is alive during the lifetime of
  the dentry and inode, and people holding ref. to the dentry can access the
  kobject without any problems.

o The ref. taken for the kobject is released through dentry->d_op->d_iput()
  call when the dentry ref. count drops to zero and it is being freed. For
  this sysfs_dentry_operations is introduced.

For testing one has to run the following test on an SMP box:

1) Do insmod/rmmod "dummy.o" network driver in a forever loop.
2) In parallel, do "find /sys/class/net | xargs cat" also in a forever loop.
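
The lifetime rule this commit message describes, as an added userspace model in C that is not part of the patch and is not kernel code. The names kobj, kobj_get, kobj_put, dentry_alloc, dentry_put and pinned_lifetime_ok are hypothetical stand-ins for the kernel's kobject, dentry and d_iput() handling.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdlib.h>

struct kobj   { int refs; int *freed; };          /* stands in for a kobject */
struct dentry { int refs; struct kobj *d_fsdata; };

static struct kobj *kobj_get(struct kobj *k) { k->refs++; return k; }

static void kobj_put(struct kobj *k)
{
    if (--k->refs == 0) { *k->freed = 1; free(k); }
}

/* sysfs assigns a dentry to the kobject: pin the kobject here. */
static struct dentry *dentry_alloc(struct kobj *k)
{
    struct dentry *d = malloc(sizeof *d);
    if (!d) abort();
    d->refs = 1;
    d->d_fsdata = kobj_get(k);
    return d;
}

/* Models d_op->d_iput(): the pin is dropped only when the dentry dies. */
static void dentry_put(struct dentry *d)
{
    if (--d->refs == 0) { kobj_put(d->d_fsdata); free(d); }
}

/* Returns 1 if the kobject stays valid while a reader holds the dentry
 * and is freed exactly when the last dentry reference goes away. */
static int pinned_lifetime_ok(void)
{
    int freed = 0, alive_while_held;
    struct kobj *k = malloc(sizeof *k);
    if (!k) abort();
    k->refs = 1; k->freed = &freed;            /* owner's reference */
    struct dentry *d = dentry_alloc(k);        /* refs: kobj 2, dentry 1 */
    d->refs++;                                 /* reader holds the dentry */
    dentry_put(d);                             /* sysfs removes the directory */
    kobj_put(k);                               /* owner (rmmod path) lets go */
    alive_while_held = !freed && d->d_fsdata->refs == 1;
    dentry_put(d);                             /* reader done: iput frees kobj */
    return alive_while_held && freed == 1;
}

int main(void) { return pinned_lifetime_ok() ? 0 : 1; }
```

Without the kobj_get() in dentry_alloc(), the owner's kobj_put() would free the object while the reader's dentry still pointed at it through d_fsdata.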