| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 24 Mar 2024 18:45:38 -0400
From: Sasha Levin <sashal@...nel.org>
To: linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Cc: Mathias Krause <minipli@...ecurity.net>,
Kent Overstreet <kent.overstreet@...ux.dev>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: [PATCH 6.7 612/713] bcachefs: install fd later to avoid race with close
From: Mathias Krause <minipli@...ecurity.net>
commit dd839f31d7cd5e04f4111a219024268c6f6973f0 upstream.
Calling fd_install() makes a file reachable for userland, including the
possibility to close the file descriptor, which leads to calling its
'release' hook. If that happens before the code had a chance to bump the
reference of the newly created task struct, the release callback will
call put_task_struct() too early, leading to the premature destruction
of the kernel thread.
Avoid that race by calling fd_install() later, after all the setup is
done.
Fixes: 1c6fdbd8f246 ("bcachefs: Initial commit")
Signed-off-by: Mathias Krause <minipli@...ecurity.net>
Signed-off-by: Kent Overstreet <kent.overstreet@...ux.dev>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
fs/bcachefs/chardev.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/bcachefs/chardev.c b/fs/bcachefs/chardev.c
index 4bb88aefed121..64000c8da5ee6 100644
--- a/fs/bcachefs/chardev.c
+++ b/fs/bcachefs/chardev.c
@@ -392,10 +392,9 @@ static long bch2_ioctl_data(struct bch_fs *c,
goto err;
}
- fd_install(fd, file);
-
get_task_struct(ctx->thread);
wake_up_process(ctx->thread);
+ fd_install(fd, file);
return fd;
err:
--
2.43.0
Powered by blists - more mailing lists