[Devel] [PATCH RHEL7 COMMIT] fs/fuse kio_pcs: flush rpc work inside pcs_rpc_destroy()
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Oct 18 15:01:36 MSK 2018
The commit is pushed to "branch-rh7-3.10.0-862.14.4.vz7.72.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-862.14.4.vz7.72.11
------>
commit 99b1e7df9c857f9f6eaea632491641445bf7c5f1
Author: Pavel Butsykin <pbutsykin at virtuozzo.com>
Date: Thu Oct 18 15:01:34 2018 +0300
fs/fuse kio_pcs: flush rpc work inside pcs_rpc_destroy()
This flush is necessary to complete pending messages and
to execute queued work before we free rpc memory.
Signed-off-by: Pavel Butsykin <pbutsykin at virtuozzo.com>
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
=====================
Patchset description:
Order rpc destroy with rpc_queue_work()
Prevents use-after-free from work function.
https://pmc.acronis.com/browse/VSTOR-16236
Kirill Tkhai (3):
fuse kio: Stop self-abuse of rpc counter in rpc_queue_work()
fuse kio: Check for null ep in pcs_rpc_deaccount_msg()
fuse kio: Move abort & destroy block up in pcs_rpc_send()
Pavel Butsykin (1):
fs/fuse kio_pcs: flush rpc work inside pcs_rpc_destroy()
---
fs/fuse/kio/pcs/pcs_rpc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/fuse/kio/pcs/pcs_rpc.c b/fs/fuse/kio/pcs/pcs_rpc.c
index 0717eeb6e99f..f6b8aefe6884 100644
--- a/fs/fuse/kio/pcs/pcs_rpc.c
+++ b/fs/fuse/kio/pcs/pcs_rpc.c
@@ -312,6 +312,7 @@ static void pcs_rpc_destroy(struct pcs_rpc *ep)
BUG_ON(timer_pending(&ep->timer_work.timer));
cancel_delayed_work_sync(&ep->calendar_work);
+ flush_work(&ep->work);
/* pcs_free(ep->sun); */
/* ep->sun = NULL; */
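Review bot: the added flush_work(&ep->work) sits after BUG_ON(timer_pending(&ep->timer_work.timer)) and cancel_delayed_work_sync(&ep->calendar_work), so if the work function being flushed can re-arm timer_work or requeue calendar_work, those two earlier guarantees no longer hold by the time the rpc memory is freed. Consider moving the flush above both lines, or add a comment stating why the work function cannot touch the timer or calendar_work at this stage. Also note that flush_work() only waits for the instance already queued and does not prevent a later queue on ep->work. A one-line comment here should say what rules out new queuing at this point (presumably the rpc_queue_work() ordering from the rest of the series) and that flush is used instead of cancel_work_sync() because, per the commit message, the queued work must actually run.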