Commit 0b25d458 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'filelock-v5.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux

Pull file locking fixes from Jeff Layton:
 "Just a couple of late-breaking patches for the file locking code. The
  second patch (from yangerkun) fixes a rather nasty looking potential
  use-after-free that should go to stable.

  The other patch could technically wait for 5.7, but it's fairly
  innocuous so I figured we might as well take it"

* tag 'filelock-v5.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux:
  locks: fix a potential use-after-free problem when wakeup a waiter
  fcntl: Distribute switch variables for initialization
parents ae24a21b 6d390e4b
...@@ -735,8 +735,9 @@ static void send_sigio_to_task(struct task_struct *p, ...@@ -735,8 +735,9 @@ static void send_sigio_to_task(struct task_struct *p,
return; return;
switch (signum) { switch (signum) {
kernel_siginfo_t si; default: {
default: kernel_siginfo_t si;
/* Queue a rt signal with the appropriate fd as its /* Queue a rt signal with the appropriate fd as its
value. We use SI_SIGIO as the source, not value. We use SI_SIGIO as the source, not
SI_KERNEL, since kernel signals always get SI_KERNEL, since kernel signals always get
...@@ -769,6 +770,7 @@ static void send_sigio_to_task(struct task_struct *p, ...@@ -769,6 +770,7 @@ static void send_sigio_to_task(struct task_struct *p,
si.si_fd = fd; si.si_fd = fd;
if (!do_send_sig_info(signum, &si, p, type)) if (!do_send_sig_info(signum, &si, p, type))
break; break;
}
/* fall-through - fall back on the old plain SIGIO signal */ /* fall-through - fall back on the old plain SIGIO signal */
case 0: case 0:
do_send_sig_info(SIGIO, SEND_SIG_PRIV, p, type); do_send_sig_info(SIGIO, SEND_SIG_PRIV, p, type);
......
...@@ -753,20 +753,6 @@ int locks_delete_block(struct file_lock *waiter) ...@@ -753,20 +753,6 @@ int locks_delete_block(struct file_lock *waiter)
{ {
int status = -ENOENT; int status = -ENOENT;
/*
* If fl_blocker is NULL, it won't be set again as this thread
* "owns" the lock and is the only one that might try to claim
* the lock. So it is safe to test fl_blocker locklessly.
* Also if fl_blocker is NULL, this waiter is not listed on
* fl_blocked_requests for some lock, so no other request can
* be added to the list of fl_blocked_requests for this
* request. So if fl_blocker is NULL, it is safe to
* locklessly check if fl_blocked_requests is empty. If both
* of these checks succeed, there is no need to take the lock.
*/
if (waiter->fl_blocker == NULL &&
list_empty(&waiter->fl_blocked_requests))
return status;
spin_lock(&blocked_lock_lock); spin_lock(&blocked_lock_lock);
if (waiter->fl_blocker) if (waiter->fl_blocker)
status = 0; status = 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment