[PATCH 6.7 612/713] bcachefs: install fd later to avoid race with close

From: Sasha Levin
Date: Sun Mar 24 2024 - 22:03:09 EST


From: Mathias Krause <minipli@xxxxxxxxxxxxxx>

commit dd839f31d7cd5e04f4111a219024268c6f6973f0 upstream.

Calling fd_install() makes a file reachable for userland, including the
possibility to close the file descriptor, which leads to calling its
'release' hook. If that happens before the code had a chance to bump the
reference of the newly created task struct, the release callback will
call put_task_struct() too early, leading to the premature destruction
of the kernel thread.

Avoid that race by calling fd_install() later, after all the setup is
done.

Fixes: 1c6fdbd8f246 ("bcachefs: Initial commit")
Signed-off-by: Mathias Krause <minipli@xxxxxxxxxxxxxx>
Signed-off-by: Kent Overstreet <kent.overstreet@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/bcachefs/chardev.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/bcachefs/chardev.c b/fs/bcachefs/chardev.c
index 4bb88aefed121..64000c8da5ee6 100644
--- a/fs/bcachefs/chardev.c
+++ b/fs/bcachefs/chardev.c
@@ -392,10 +392,9 @@ static long bch2_ioctl_data(struct bch_fs *c,
goto err;
}

- fd_install(fd, file);
-
get_task_struct(ctx->thread);
wake_up_process(ctx->thread);
+ fd_install(fd, file);

return fd;
err:
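Review bot: With fd_install() now the last call before `return fd`, nothing after it touches `file` or `ctx->thread`, which is exactly what closes the race the message describes: the task reference is taken by get_task_struct(ctx->thread) and the thread is woken before userspace can reach the descriptor and trigger the release hook. A one-line comment above `fd_install(fd, file);` stating that it publishes the file to userspace and must remain the final step would help keep a later edit from moving setup code below it again. The `err:` label is untouched by the hunk, so the error path still runs only before any install, which is correct for this ordering.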
--
2.43.0