VisionFive2 Linux kernel

StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

More than 9999 Commits   34 Branches   58 Tags
author: Zqiang <qiang.zhang@windriver.com> 2021-05-26 13:08:26 +0800 committer: Jens Axboe <axboe@kernel.dk> 2021-05-26 09:03:56 -0600 commit: 3743c1723bfc62e69dbf022417720eed3f431b29 parent: 17a91051fe63b40ec651b80097c9fff5b093fdc5
Commit Summary:
io-wq: Fix UAF when wakeup wqe in hash waitqueue
Diffstat:
1 file changed, 5 insertions, 3 deletions
diff --git a/fs/io-wq.c b/fs/io-wq.c
index de9b7ba3ba01..b3e8624a37d0 100644
--- a/fs/io-wq.c
+++ b/fs/io-wq.c
@@ -1006,13 +1006,16 @@ static void io_wq_exit_workers(struct io_wq *wq)
 		struct io_wqe *wqe = wq->wqes[node];
 
 		io_wq_for_each_worker(wqe, io_wq_worker_wake, NULL);
-		spin_lock_irq(&wq->hash->wait.lock);
-		list_del_init(&wq->wqes[node]->wait.entry);
-		spin_unlock_irq(&wq->hash->wait.lock);
 	}
 	rcu_read_unlock();
 	io_worker_ref_put(wq);
 	wait_for_completion(&wq->worker_done);
+
+	for_each_node(node) {
+		spin_lock_irq(&wq->hash->wait.lock);
+		list_del_init(&wq->wqes[node]->wait.entry);
+		spin_unlock_irq(&wq->hash->wait.lock);
+	}
 	put_task_struct(wq->task);
 	wq->task = NULL;
 }