diff options
| author | Dominique Martinet <asmadeus@codewreck.org> | 2022-08-17 14:58:44 +0900 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-11-25 17:35:43 +0100 |
| commit | 82825dbf393f7c7979d462f9609a15bde8092b3f (patch) | |
| tree | ad812553d36e2e452ca19fc664181da748cffced | |
| parent | fe3f79701fdaf8a087bc7043839e7f8b2e61b6fe (diff) | |
9p: trans_fd/p9_conn_cancel: drop client lock earlier
commit 52f1c45dde9136f964d63a77d19826c8a74e2c7f upstream.
syzbot reported a double-lock here and we no longer need this
lock after requests have been moved off to local list:
just drop the lock earlier.
Link: https://lkml.kernel.org/r/20220904064028.1305220-1-asmadeus@codewreck.org
Reported-by: syzbot+50f7e8d06c3768dd97f3@syzkaller.appspotmail.com
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Tested-by: Schspa Shi <schspa@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | net/9p/trans_fd.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c index 33b317a25a2d..83cdb13c6322 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c @@ -215,6 +215,8 @@ static void p9_conn_cancel(struct p9_conn *m, int err) list_move(&req->req_list, &cancel_list); } + spin_unlock(&m->client->lock); + list_for_each_entry_safe(req, rtmp, &cancel_list, req_list) { p9_debug(P9_DEBUG_ERROR, "call back req %p\n", req); list_del(&req->req_list); @@ -222,7 +224,6 @@ static void p9_conn_cancel(struct p9_conn *m, int err) req->t_err = err; p9_client_cb(m->client, req, REQ_STATUS_ERROR); } - spin_unlock(&m->client->lock); } static int |