From: Mathias Krause Date: Sun, 4 Feb 2024 07:51:52 +0000 (+0100) Subject: bcachefs: install fd later to avoid race with close X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=dd839f31d7cd5e04f4111a219024268c6f6973f0;p=linux.git bcachefs: install fd later to avoid race with close Calling fd_install() makes a file reachable for userland, including the possibility to close the file descriptor, which leads to calling its 'release' hook. If that happens before the code had a chance to bump the reference of the newly created task struct, the release callback will call put_task_struct() too early, leading to the premature destruction of the kernel thread. Avoid that race by calling fd_install() later, after all the setup is done. Fixes: 1c6fdbd8f246 ("bcachefs: Initial commit") Signed-off-by: Mathias Krause Signed-off-by: Kent Overstreet --- diff --git a/fs/bcachefs/thread_with_file.c b/fs/bcachefs/thread_with_file.c index b1c867aa2b58e..9220d7de10db6 100644 --- a/fs/bcachefs/thread_with_file.c +++ b/fs/bcachefs/thread_with_file.c @@ -53,9 +53,9 @@ int bch2_run_thread_with_file(struct thread_with_file *thr, if (ret) goto err; - fd_install(fd, file); get_task_struct(thr->task); wake_up_process(thr->task); + fd_install(fd, file); return fd; err: if (fd >= 0)
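Review bot: The relocated fd_install(fd, file) directly before "return fd;" has no comment saying why it must come last, so a later cleanup could move it back above get_task_struct(thr->task) and reintroduce the race the commit message describes. Suggest a one-line comment at that spot, for example "must be last: once the fd is installed, userland can close it and the release hook will call put_task_struct()". The comment could also state that nothing after fd_install() may fail, since the "err:" path that follows (the "if (fd >= 0)" cleanup) is not usable once the descriptor has been published to the fd table.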