diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-07-19 11:09:01 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-07-20 10:46:07 -0700 |
| commit | 353f7988dd8413c47718f7ca79c030b6fb62cfe5 (patch) | |
| tree | 9d783d2cd6d39d21d77767772558157c30c3d9be /block | |
| parent | 543ce63b664e2c2f9533d089a4664b559c3e6b5b (diff) | |
watchqueue: make sure to serialize 'wqueue->defunct' properly
When the pipe is closed, we mark the associated watchqueue defunct by
calling watch_queue_clear(). However, while that is protected by the
watchqueue lock, new watchqueue entries aren't actually added under that
lock at all: they use the pipe->rd_wait.lock instead, and looking up
that pipe happens without any locking.
The watchqueue code uses the RCU read-side section to make sure that the
wqueue entry itself hasn't disappeared, but that does not protect the
pipe_info in any way.
So make sure to actually hold the wqueue lock when posting watch events,
properly serializing against the pipe being torn down.
Reported-by: Noam Rathaus <noamr@ssd-disclosure.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'block')
0 files changed, 0 insertions, 0 deletions