diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2023-12-21 15:04:45 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-12-22 07:33:02 +0100 |
| commit | 159f5bdadcdda638aad5a234b58d6031aa4ef8aa (patch) | |
| tree | 3e70d371abd1f854a990c0d1e5940a487157efd4 | |
| parent | d4005431673929a1259ad791db87408fcf85d2cc (diff) | |
| download | linux-159f5bdadcdda638aad5a234b58d6031aa4ef8aa.tar.gz | |
debugfs: initialize cancellations earlier
Tetsuo Handa pointed out that in the (now reverted)
lockdep commit I initialized the data too late. The
same is true for the cancellation data, it must be
initialized before the cmpxchg(), otherwise it may
be done twice and possibly even overwriting data in
there already when there's a race. Fix that, which
also requires destroying the mutex in case we lost
the race.
Fixes: 8c88a474357e ("debugfs: add API to allow debugfs operations cancellation")
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20231221150444.1e47a0377f80.If7e8ba721ba2956f12c6e8405e7d61e154aa7ae7@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | fs/debugfs/file.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c index 5063434be0fc8..6d7c1a49581f7 100644 --- a/fs/debugfs/file.c +++ b/fs/debugfs/file.c @@ -104,12 +104,14 @@ int debugfs_file_get(struct dentry *dentry) ~DEBUGFS_FSDATA_IS_REAL_FOPS_BIT); refcount_set(&fsd->active_users, 1); init_completion(&fsd->active_users_drained); + INIT_LIST_HEAD(&fsd->cancellations); + mutex_init(&fsd->cancellations_mtx); + if (cmpxchg(&dentry->d_fsdata, d_fsd, fsd) != d_fsd) { + mutex_destroy(&fsd->cancellations_mtx); kfree(fsd); fsd = READ_ONCE(dentry->d_fsdata); } - INIT_LIST_HEAD(&fsd->cancellations); - mutex_init(&fsd->cancellations_mtx); } /* |