This is a note to let you know that I've just added the patch titled
bcachefs: install fd later to avoid race with close
to the 6.7-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
bcachefs-install-fd-later-to-avoid-race-with-close.patch
and it can be found in the queue-6.7 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 41db2999d156130e58fbf79dc73f8b986a445a58 Mon Sep 17 00:00:00 2001
From: Mathias Krause <minipli@xxxxxxxxxxxxxx>
Date: Sun, 4 Feb 2024 08:51:52 +0100
Subject: bcachefs: install fd later to avoid race with close
From: Mathias Krause <minipli@xxxxxxxxxxxxxx>
commit dd839f31d7cd5e04f4111a219024268c6f6973f0 upstream.
Calling fd_install() makes a file reachable for userland, including the
possibility to close the file descriptor, which leads to calling its
'release' hook. If that happens before the code had a chance to bump the
reference of the newly created task struct, the release callback will
call put_task_struct() too early, leading to the premature destruction
of the kernel thread.
Avoid that race by calling fd_install() later, after all the setup is
done.
Fixes: 1c6fdbd8f246 ("bcachefs: Initial commit")
Signed-off-by: Mathias Krause <minipli@xxxxxxxxxxxxxx>
Signed-off-by: Kent Overstreet <kent.overstreet@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/bcachefs/chardev.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/fs/bcachefs/chardev.c
+++ b/fs/bcachefs/chardev.c
@@ -392,10 +392,9 @@ static long bch2_ioctl_data(struct bch_f
goto err;
}
- fd_install(fd, file);
-
get_task_struct(ctx->thread);
wake_up_process(ctx->thread);
+ fd_install(fd, file);
return fd;
err:
Patches currently in stable-queue which might be from minipli@xxxxxxxxxxxxxx are
queue-6.7/bcachefs-install-fd-later-to-avoid-race-with-close.patch
