brd: fix sleeping function called from invalid context in brd_insert_page()

__xa_cmpxchg() is called with rcu_read_lock(), and it will allocate memory if necessary.

Fix the problem by moving rcu_read_lock() after __xa_cmpxchg(), meanwhile, it still should be held before xa_unlock(), prevent returned page to be freed by concurrent discard.

Fixes: bbcacab2 ("brd: avoid extra xarray lookups on first write")
Reported-by: <syzbot+ea4c8fd177a47338881a@syzkaller.appspotmail.com>
Closes: https://lore.kernel.org/all/685ec4c9.a00a0220.129264.000c.GAE@google.com/
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20250630112828.421219-1-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>