author: Mathias Krause <minipli@grsecurity.net> 2024-02-04 08:51:52 +0100
committer: Kent Overstreet <kent.overstreet@linux.dev> 2024-02-05 01:16:15 -0500
commit: dd839f31d7cd5e04f4111a219024268c6f6973f0
tree: 7d9cdd7be6e268d2ecfd020f868d56c0f3e466e3 /fs
parent: 6bb3f7f4c3f4da8e09de188f2f63e8f741bba3bd
bcachefs: install fd later to avoid race with close

Calling fd_install() makes a file reachable for userland, including the possibility to close the file descriptor, which leads to calling its 'release' hook. If that happens before the code had a chance to bump the reference of the newly created task struct, the release callback will call put_task_struct() too early, leading to the premature destruction of the kernel thread.

Avoid that race by calling fd_install() later, after all the setup is done.

Fixes: 1c6fdbd8f246 ("bcachefs: Initial commit")
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
Diffstat (limited to 'fs')
-rw-r--r-- fs/bcachefs/thread_with_file.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/bcachefs/thread_with_file.c b/fs/bcachefs/thread_with_file.c
index b1c867aa2b58..9220d7de10db 100644
--- a/fs/bcachefs/thread_with_file.c
+++ b/fs/bcachefs/thread_with_file.c
@@ -53,9 +53,9 @@ int bch2_run_thread_with_file(struct thread_with_file *thr,
if (ret)
goto err;
- fd_install(fd, file);
get_task_struct(thr->task);
wake_up_process(thr->task);
+ fd_install(fd, file);
return fd;
err:
if (fd >= 0)
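Review bot: The placement of fd_install(fd, file) directly before return fd is load-bearing, but nothing in the code says so. Once the descriptor is installed, userland can close it and trigger the release hook at any moment, so a later change that adds setup work or a failing step between fd_install() and the return would reintroduce the same race. Suggest a short comment above the call stating that fd_install() must stay the last step, after get_task_struct(thr->task) and wake_up_process(thr->task), and that no goto err may follow it.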