linux-stable.git - Linux kernel stable tree

diff options

author	ChenXiaoSong <chenxiaosong2@huawei.com>	2022-02-15 15:10:30 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-03-02 11:38:13 +0100
commit	a37024f7757c25550accdebf49e497ad6ae239fe (patch)
tree	e9b85ed16b591225ced80328d84ad9ac197c3847 /fs/dlm
parent	0921d16eb7daadcba871889003fac494f6efc0f5 (diff)
download	linux-stable-a37024f7757c25550accdebf49e497ad6ae239fe.tar.gz linux-stable-a37024f7757c25550accdebf49e497ad6ae239fe.tar.bz2 linux-stable-a37024f7757c25550accdebf49e497ad6ae239fe.zip

configfs: fix a race in configfs_{,un}register_subsystem()

[ Upstream commit 84ec758fb2daa236026506868c8796b0500c047d ] When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes add or delete list concurrently. Some unfortunate interleavings of them can cause kernel panic. One of cases is: A --> B --> C --> D A <-- B <-- C <-- D delete list_head *B | delete list_head *C --------------------------------|----------------------------------- configfs_unregister_subsystem | configfs_unregister_subsystem unlink_group | unlink_group unlink_obj | unlink_obj list_del_init | list_del_init __list_del_entry | __list_del_entry __list_del | __list_del // next == C | next->prev = prev | | next->prev = prev prev->next = next | | // prev == B | prev->next = next Fix this by adding mutex when calling link_group() or unlink_group(), but parent configfs_subsystem is NULL when config_item is root. So I create a mutex configfs_subsystem_mutex. Fixes: 7063fbf22611 ("[PATCH] configfs: User-driven configuration filesystem") Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com> Signed-off-by: Laibin Qiu <qiulaibin@huawei.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'fs/dlm')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: