git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Yun Zhou <yun.zhou@windriver.com>
	Wed, 15 Oct 2025 08:32:27 +0000 (16:32 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 18 Dec 2025 12:54:55 +0000 (13:54 +0100)
commit	21989cb5034c835b212385a2afadf279d8069da0
tree	f7bf0e9440638f52d79ecc4b48ce97cf233836c6	tree
parent	b991eda2a7f1b7bbf0a357d8112b5974f59ae24f	commit \| diff

md: fix rcu protection in md_wakeup_thread

[ Upstream commit 0dc76205549b4c25705e54345f211b9f66e018a0 ]

We attempted to use RCU to protect the pointer 'thread', but directly
passed the value when calling md_wakeup_thread(). This means that the
RCU pointer has been acquired before rcu_read_lock(), which renders
rcu_read_lock() ineffective and could lead to a use-after-free.

Link: https://lore.kernel.org/linux-raid/20251015083227.1079009-1-yun.zhou@windriver.com
Fixes: 446931543982 ("md: protect md_thread with rcu")
Signed-off-by: Yun Zhou <yun.zhou@windriver.com>
Reviewed-by: Li Nan <linan122@huawei.com>
Reviewed-by: Yu Kuai <yukuai@fnnas.com>
Signed-off-by: Yu Kuai <yukuai@fnnas.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/md/md.c		diff \| blob \| blame \| history
drivers/md/md.h		diff \| blob \| blame \| history