On Sat, Apr 22, 2023 at 7:42 PM Yu Kuai <yukuai1@xxxxxxxxxxxxxxx> wrote:
>
> Hi,
>
> On 2023/04/14 9:32, Yu Kuai wrote:
> > From: Yu Kuai <yukuai3@xxxxxxxxxx>
> >
> > Our test reports a UAF for 'mddev->sync_thread':
> >
> > T1                              T2
> > md_start_sync
> >  md_register_thread
> >  // mddev->sync_thread is set
> >                                 raid1d
> >                                  md_check_recovery
> >                                   md_reap_sync_thread
> >                                    md_unregister_thread
> >                                     kfree
> >  md_wakeup_thread
> >   wake_up
> >   ->sync_thread was freed
> >
> > Root cause is that there is a small window between register thread and
> > wake up thread, where the thread can be freed concurrently.
> >
> > Currently, a global spinlock 'pers_lock' is borrowed to protect
> > 'mddev->thread', this problem can be fixed likewise, however, there are
> > similar problems elsewhere, and using a global lock for all the cases is
> > not good.
> >
> > This patch protects all md_thread with RCU.
>
> Friendly ping... Or do I need to resend the whole patchset for v7?

Sorry for the delay. But yes, please resend the whole patchset.

Song
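The race in the quoted commit message (register thread, concurrent unregister + kfree, then a wake-up that dereferences the freed pointer) and the RCU fix can be modelled in userspace. The block below is an added example, not the md patch or any kernel code: struct md_thread, sync_thread and the md_* functions are stand-ins for the kernel objects, and the RCU is a toy sequence-counter implementation for a fixed set of reader threads, not the kernel's. It shows the protocol the patch relies on: the waker dereferences the pointer only inside a read-side section, and the unregister path publishes NULL, waits for in-flight readers with synchronize_rcu(), and only then frees.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

#define NR_READERS 1

/* Toy RCU for a fixed set of reader threads (not the kernel's): each reader
 * keeps a sequence counter that is odd while inside a read-side section. */
static atomic_uint reader_seq[NR_READERS];

static void rcu_read_lock(int r)   { atomic_fetch_add(&reader_seq[r], 1); }
static void rcu_read_unlock(int r) { atomic_fetch_add(&reader_seq[r], 1); }

/* Wait until every reader that was inside a section when we were called has
 * left it; sections that start later already observe the updated pointer. */
static void synchronize_rcu(void)
{
    for (int r = 0; r < NR_READERS; r++) {
        unsigned s = atomic_load(&reader_seq[r]);
        if (s & 1)
            while (atomic_load(&reader_seq[r]) == s)
                ;
    }
}

/* Stand-in for the kernel's struct md_thread (assumed layout). */
struct md_thread {
    atomic_int  alive;    /* 1 while registered; cleared right before free() */
    atomic_long wakeups;  /* counts wake_up() calls delivered to this thread */
};

/* Stand-in for mddev->sync_thread. */
static struct md_thread *_Atomic sync_thread;

static struct md_thread *md_register_thread(void)
{
    struct md_thread *t = calloc(1, sizeof *t);
    if (!t) abort();
    atomic_store(&t->alive, 1);
    atomic_store(&sync_thread, t);                  /* rcu_assign_pointer() */
    return t;
}

/* Returns the wakeups the thread received over its lifetime. */
static long md_unregister_thread(void)
{
    struct md_thread *t = atomic_load(&sync_thread);
    if (!t)
        return 0;
    atomic_store(&sync_thread, (struct md_thread *)NULL); /* new readers see NULL */
    synchronize_rcu();                              /* in-flight readers drain */
    long n = atomic_load(&t->wakeups);              /* no reader can touch t now */
    atomic_store(&t->alive, 0);
    free(t);                                        /* kfree() in the kernel */
    return n;
}

/* Reader side. Returns 1 if it dereferenced a thread that had already been
 * torn down, which the RCU protocol must make impossible. */
static int md_wakeup_thread(int r)
{
    int stale = 0;
    rcu_read_lock(r);
    struct md_thread *t = atomic_load(&sync_thread); /* rcu_dereference() */
    if (t) {
        if (atomic_load(&t->alive))
            atomic_fetch_add(&t->wakeups, 1);        /* wake_up() */
        else
            stale = 1;
    }
    rcu_read_unlock(r);
    return stale;
}

struct stats { long iters, stale, delivered; };

static void *reader_fn(void *arg)
{
    struct stats *s = arg;
    for (long i = 0; i < s->iters; i++)
        s->stale += md_wakeup_thread(0);
    return NULL;
}

static void *updater_fn(void *arg)
{
    struct stats *s = arg;
    for (long i = 0; i < s->iters; i++) {
        md_register_thread();
        s->delivered += md_unregister_thread();
    }
    return NULL;
}

/* Race one waker against `iters` register/unregister cycles. Returns the
 * number of stale dereferences the waker saw (0 when the protocol holds). */
long run_model(long iters, long *delivered)
{
    pthread_t rt, ut;
    struct stats rs = { iters * 4, 0, 0 }, us = { iters, 0, 0 };
    if (pthread_create(&rt, NULL, reader_fn, &rs) ||
        pthread_create(&ut, NULL, updater_fn, &us))
        abort();
    pthread_join(rt, NULL);
    pthread_join(ut, NULL);
    if (delivered)
        *delivered = us.delivered;
    return rs.stale;
}

int main(void)
{
    long delivered, stale = run_model(20000, &delivered);
    printf("delivered=%ld stale=%ld\n", delivered, stale);
    return stale ? 1 : 0;
}
```

Removing the synchronize_rcu() call from md_unregister_thread() reproduces the window the commit message describes: the waker can load a non-NULL pointer, the updater frees it, and the waker then dereferences freed memory. The wakeup counter is read only after the grace period, so the "delivered" total is exact rather than a racy snapshot.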