
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/ICYREP ------------------------------- Due to the absence of a read barrier in wait_on_bit(), it may lead to the reading of nf->nf_file being reordered after the check for NFSD_FILE_PENDING. This could result in the reader obtaining an uninitialized nf->nf_file and using it, thereby triggering a null pointer dereference. Fixes: 65294c1f2c5e ("nfsd: add a new struct file caching facility to nfsd") Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com> --- fs/nfsd/filecache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c index e30e1ddc1ace..957d7fc37d06 100644 --- a/fs/nfsd/filecache.c +++ b/fs/nfsd/filecache.c @@ -974,7 +974,7 @@ nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp, nfsd_file_slab_free(&new->nf_rcu); wait_for_construction: - wait_on_bit(&nf->nf_flags, NFSD_FILE_PENDING, TASK_UNINTERRUPTIBLE); + wait_on_bit_acquire(&nf->nf_flags, NFSD_FILE_PENDING, TASK_UNINTERRUPTIBLE); /* Did construction of this file fail? */ if (!test_bit(NFSD_FILE_HASHED, &nf->nf_flags)) { -- 2.46.1
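Review bot: the acquire added at the `wait_for_construction:` label only orders the later read of nf->nf_file if the side that clears NFSD_FILE_PENDING stores nf->nf_file first and clears the bit with release semantics, and neither the hunk nor the commit message shows that side. Please name the store and bit-clear this pairs with in the commit message, and add a short comment above `wait_on_bit_acquire(&nf->nf_flags, NFSD_FILE_PENDING, TASK_UNINTERRUPTIBLE);` saying what it pairs with, so the barrier is not dropped in a later cleanup. If the clearing path has no release ordering, this one-line change does not by itself close the reordering window described in the message. As a minor style point, the new line is longer than the one it replaces and could be wrapped after the second argument.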