diff options
| author | shao mingyin <[email protected]> | 2024-10-23 05:58:50 +0000 |
|---|---|---|
| committer | Christian Brauner <[email protected]> | 2024-12-22 10:29:52 +0000 |
| commit | 9b7da575f85962c44abe7dc245b0a58179ad2c45 (patch) | |
| tree | 0af1b027ad166f652ec8f58596c04fef1d9dc4df /fs/file_table.c | |
| parent | watch_queue: Use page->private instead of page->index (diff) | |
| download | kernel-9b7da575f85962c44abe7dc245b0a58179ad2c45.tar.gz kernel-9b7da575f85962c44abe7dc245b0a58179ad2c45.zip | |
file: flush delayed work in delayed fput()
The fput() of file rcS might not have completed causing issues when
executing the file.
rcS is opened in do_populate_rootfs before executed. At the end of
do_populate_rootfs() flush_delayed_fput() is called. Now
do_populate_rootfs() assumes that all fput()s caused by
do_populate_rootfs() have completed.
But flush_delayed_fput() can only ensure that fput() on the current
delayed_fput_list has finished. Any file that has been removed from
delayed_fput_list asynchronously in the meantime might not have
completed causing the exec to fail.
do_populate_rootfs delayed_fput_list delayed_fput execve
fput() a
fput() a->b
fput() a->b->rcS
__fput(a)
fput() c
fput() c->d
__fput(b)
flush_delayed_fput
__fput(c)
__fput(d)
__fput(b)
__fput(b) execve(rcS)
Ensure that all delayed work is done by calling flush_delayed_work() in
flush_delayed_fput() explicitly.
Signed-off-by: Chen Lin <[email protected]>
Signed-off-by: Shao Mingyin <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Cc: Yang Yang <[email protected]>
Cc: Yang Tao <[email protected]>
Cc: Xu Xin <[email protected]>
[brauner: rewrite commit message]
Signed-off-by: Christian Brauner <[email protected]>
Diffstat (limited to 'fs/file_table.c')
| -rw-r--r-- | fs/file_table.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/file_table.c b/fs/file_table.c index 502b81f614d9..a32171d2b83f 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -478,6 +478,8 @@ static void ____fput(struct callback_head *work) __fput(container_of(work, struct file, f_task_work)); } +static DECLARE_DELAYED_WORK(delayed_fput_work, delayed_fput); + /* * If kernel thread really needs to have the final fput() it has done * to complete, call this. The only user right now is the boot - we @@ -491,11 +493,10 @@ static void ____fput(struct callback_head *work) void flush_delayed_fput(void) { delayed_fput(NULL); + flush_delayed_work(&delayed_fput_work); } EXPORT_SYMBOL_GPL(flush_delayed_fput); -static DECLARE_DELAYED_WORK(delayed_fput_work, delayed_fput); - void fput(struct file *file) { if (file_ref_put(&file->f_ref)) { |