bcachefs: install fd later to avoid race with close
Calling fd_install() makes a file reachable for userland, including the
possibility to close the file descriptor, which leads to calling its
'release' hook. If that happens before the code had a chance to bump the
reference of the newly created task struct, the release callback will
call put_task_struct() too early, leading to the premature destruction
of the kernel thread.
Avoid that race by calling fd_install() later, after all the setup is
done.
Fixes: 1c6fdbd8f2
("bcachefs: Initial commit")
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
This commit is contained in:
parent
6bb3f7f4c3
commit
dd839f31d7
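--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -53,9 +53,9 @@ int bch2_run_thread_with_file(struct thread_with_file *thr,
 	if (ret)
 		goto err;
 
-	fd_install(fd, file);
 	get_task_struct(thr->task);
 	wake_up_process(thr->task);
+	fd_install(fd, file);
 	return fd;
 err:
 	if (fd >= 0)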
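Review bot: The new order makes fd_install() the last step before `return fd;`, but nothing in the hunk records that this is a hard ordering constraint, so a later edit inserting more setup after the call would silently reopen the early put_task_struct() described in the commit message. Add a comment above the moved line: `/* fd_install() publishes the file; close() can run the release hook at any time after this, so it must stay the final step */`. The placement also keeps the `err:` path correct: once the fd is installed it can no longer be unwound the way the `if (fd >= 0)` branch presumably does, and the hunk never reaches `err` after fd_install(). bch2_run_thread_with_file() begins and ends outside the hunk, so the error-path body is not visible here.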