diff options
| author | Yu Kuai <yukuai3@huawei.com> | 2025-06-30 19:28:28 +0800 | 
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2025-07-01 08:14:01 -0600 | 
| commit | 0d519bb0de3bf0ac9e6f401d4910fc119062d7be (patch) | |
| tree | 953f5e9d53b326fd7c23be0a1813fad723a11282 /rust/kernel/xarray.rs | |
| parent | 01ed88aea527e19def9070349399684522c66c72 (diff) | |
brd: fix sleeping function called from invalid context in brd_insert_page()
__xa_cmpxchg() is called with rcu_read_lock(), and it will allocate
memory if necessary.
Fix the problem by moving rcu_read_lock() after __xa_cmpxchg(), meanwhile,
it still should be held before xa_unlock(), prevent returned page to be
freed by concurrent discard.
Fixes: bbcacab2e8ee ("brd: avoid extra xarray lookups on first write")
Reported-by: syzbot+ea4c8fd177a47338881a@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/685ec4c9.a00a0220.129264.000c.GAE@google.com/
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20250630112828.421219-1-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'rust/kernel/xarray.rs')
0 files changed, 0 insertions, 0 deletions
