[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220613094934.386152747@linuxfoundation.org>
Date: Mon, 13 Jun 2022 12:11:20 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Donald Buczek <buczek@...gen.mpg.de>,
Guoqing Jiang <guoqing.jiang@...ux.dev>,
Song Liu <song@...nel.org>, Sasha Levin <sashal@...nel.org>
Subject: [PATCH 5.18 255/339] md: protect md_unregister_thread from reentrancy
From: Guoqing Jiang <guoqing.jiang@...ud.ionos.com>
[ Upstream commit 1e267742283a4b5a8ca65755c44166be27e9aa0f ]
Generally, the md_unregister_thread is called with reconfig_mutex, but
raid_message in dm-raid doesn't hold reconfig_mutex to unregister thread,
so md_unregister_thread can be called simulitaneously from two call sites
in theory.
Then after previous commit which remove the protection of reconfig_mutex
for md_unregister_thread completely, the potential issue could be worse
than before.
Let's take pers_lock at the beginning of function to ensure reentrancy.
Reported-by: Donald Buczek <buczek@...gen.mpg.de>
Signed-off-by: Guoqing Jiang <guoqing.jiang@...ux.dev>
Signed-off-by: Song Liu <song@...nel.org>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
drivers/md/md.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 066f792b374e..f79cab8c7700 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -7960,17 +7960,22 @@ EXPORT_SYMBOL(md_register_thread);
void md_unregister_thread(struct md_thread **threadp)
{
- struct md_thread *thread = *threadp;
- if (!thread)
- return;
- pr_debug("interrupting MD-thread pid %d\n", task_pid_nr(thread->tsk));
- /* Locking ensures that mddev_unlock does not wake_up a
+ struct md_thread *thread;
+
+ /*
+ * Locking ensures that mddev_unlock does not wake_up a
* non-existent thread
*/
spin_lock(&pers_lock);
+ thread = *threadp;
+ if (!thread) {
+ spin_unlock(&pers_lock);
+ return;
+ }
*threadp = NULL;
spin_unlock(&pers_lock);
+ pr_debug("interrupting MD-thread pid %d\n", task_pid_nr(thread->tsk));
kthread_stop(thread->tsk);
kfree(thread);
}
--
2.35.1
Powered by blists - more mailing lists