Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'filelock-v5.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux

Pull file locking fixes from Jeff Layton:
"Just a couple of late-breaking patches for the file locking code. The
second patch (from yangerkun) fixes a rather nasty looking potential
use-after-free that should go to stable.

The other patch could technically wait for 5.7, but it's fairly
innocuous so I figured we might as well take it"

* tag 'filelock-v5.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux:
locks: fix a potential use-after-free problem when wakeup a waiter
fcntl: Distribute switch variables for initialization

+4 -16
+4 -2
fs/fcntl.c
··· 735 735 return; 736 736 737 737 switch (signum) { 738 - kernel_siginfo_t si; 739 - default: 738 + default: { 739 + kernel_siginfo_t si; 740 + 740 741 /* Queue a rt signal with the appropriate fd as its 741 742 value. We use SI_SIGIO as the source, not 742 743 SI_KERNEL, since kernel signals always get ··· 770 769 si.si_fd = fd; 771 770 if (!do_send_sig_info(signum, &si, p, type)) 772 771 break; 772 + } 773 773 /* fall-through - fall back on the old plain SIGIO signal */ 774 774 case 0: 775 775 do_send_sig_info(SIGIO, SEND_SIG_PRIV, p, type);
-14
fs/locks.c
··· 753 753 { 754 754 int status = -ENOENT; 755 755 756 - /* 757 - * If fl_blocker is NULL, it won't be set again as this thread 758 - * "owns" the lock and is the only one that might try to claim 759 - * the lock. So it is safe to test fl_blocker locklessly. 760 - * Also if fl_blocker is NULL, this waiter is not listed on 761 - * fl_blocked_requests for some lock, so no other request can 762 - * be added to the list of fl_blocked_requests for this 763 - * request. So if fl_blocker is NULL, it is safe to 764 - * locklessly check if fl_blocked_requests is empty. If both 765 - * of these checks succeed, there is no need to take the lock. 766 - */ 767 - if (waiter->fl_blocker == NULL && 768 - list_empty(&waiter->fl_blocked_requests)) 769 - return status; 770 756 spin_lock(&blocked_lock_lock); 771 757 if (waiter->fl_blocker) 772 758 status = 0;
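
Review bot: In the fs/fcntl.c hunks, the closing `}` added at new line 772 ends the scope of `si` just before `/* fall-through - fall back on the old plain SIGIO signal */`, so the annotation now sits outside the block it describes. Please confirm that the implicit-fallthrough warning still accepts the comment in that position, directly ahead of `case 0:`. The `break` on success is now inside the braces, and the fall-through is taken only when `do_send_sig_info(signum, &si, p, type)` fails. The changelog should also state why the old placement was a problem: a declaration between `switch (signum) {` and the first label is in scope but never executed, so any initialization attached to `si` there is skipped.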
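
Review bot: In the fs/locks.c hunk, removing the unlocked `waiter->fl_blocker == NULL && list_empty(&waiter->fl_blocked_requests)` early return leaves no comment explaining why `blocked_lock_lock` must now be taken on every call. The deleted comment argued at length that the lockless test was safe, and the pull message describes this change as fixing a potential use-after-free when waking a waiter, so that reasoning no longer holds. Add a short comment above `spin_lock(&blocked_lock_lock);` stating that `fl_blocker` has to be examined under the lock, so the fast path is not reintroduced later as an optimization. Every caller, including a waiter that was never blocked, now contends on this global spinlock, so the changelog should also acknowledge that cost.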