On Mon, 05 Jun 2023 20:06:16 +0530, Siddh Raman Pant wrote:
> NULL the dangling pipe reference while clearing watch_queue.
>
> If not done, a reference to a freed pipe remains in the watch_queue,
> as this function is called before freeing a pipe in free_pipe_info()
> (see line 834 of fs/pipe.c).
>
> The sole use of wqueue->defunct is for checking if the watch queue has
> been cleared, but wqueue->pipe is also NULLed while clearing.
>
> [...]

Massaged the commit message a bit and applied David's Ack as requested.

---

Applied to the vfs.misc branch of the vfs/vfs.git tree.
Patches in the vfs.misc branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs.misc

[1/1] kernel/watch_queue: NULL the dangling *pipe, and use it for clear check
      https://git.kernel.org/vfs/vfs/c/ae33d3de5ff5