| -rw-r--r-- | queue-7.1/kernel-fork-clear-pf_block_ts-in-copy_process.patch | 39 | ||||
| -rw-r--r-- | queue-7.1/series | 1 |
2 files changed, 40 insertions, 0 deletions
diff --git a/queue-7.1/kernel-fork-clear-pf_block_ts-in-copy_process.patch b/queue-7.1/kernel-fork-clear-pf_block_ts-in-copy_process.patch
new file mode 100644
index 0000000000..38b608aa93
--- /dev/null
+++ b/queue-7.1/kernel-fork-clear-pf_block_ts-in-copy_process.patch
@@ -0,0 +1,39 @@
+From fd38b75c4b43295b10d69772a46d1c74dbd6fc81 Mon Sep 17 00:00:00 2001
+From: Usama Arif <usama.arif@linux.dev>
+Date: Tue, 16 Jun 2026 07:15:17 -0700
+Subject: kernel/fork: clear PF_BLOCK_TS in copy_process()
+
+From: Usama Arif <usama.arif@linux.dev>
+
+commit fd38b75c4b43295b10d69772a46d1c74dbd6fc81 upstream.
+
+PF_BLOCK_TS is only set in blk_time_get_ns() when current->plug is
+non-NULL, and blk_finish_plug() clears it via __blk_flush_plug()
+before NULLing the plug pointer. copy_process() breaks the
+invariant by inheriting PF_BLOCK_TS from the parent while resetting
+the child's plug to NULL.
+
+Clear PF_BLOCK_TS alongside that assignment so callers can rely on
+"PF_BLOCK_TS set implies current->plug != NULL" and dereference
+current->plug unguarded.
+
+Fixes: 06b23f92af87 ("block: update cached timestamp post schedule/preemption")
+Cc: stable@vger.kernel.org
+Signed-off-by: Usama Arif <usama.arif@linux.dev>
+Link: https://patch.msgid.link/20260616141604.328820-2-usama.arif@linux.dev
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/fork.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -2314,6 +2314,7 @@ __latent_entropy struct task_struct *cop
+ 
+ #ifdef CONFIG_BLOCK
+ p->plug = NULL;
++ p->flags &= ~PF_BLOCK_TS;
+ #endif
+ futex_init_task(p);
+ 
diff --git a/queue-7.1/series b/queue-7.1/series
index 1e9c9e3c9f..a05786498a 100644
--- a/queue-7.1/series
+++ b/queue-7.1/series
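Review bot: The invariant that justifies the new `p->flags &= ~PF_BLOCK_TS;` line in the kernel/fork.c hunk lives only in the commit message; the code itself gives a reader no reason why a flag is being masked in the middle of the CONFIG_BLOCK plug reset, and a later cleanup could easily move one line without the other. A short comment tying the two statements together would make the dependency explicit, e.g. `/* PF_BLOCK_TS implies plug != NULL; the child starts with no plug. */` placed above `p->plug = NULL;`. Note that when the enclosing function is built without CONFIG_BLOCK the flag is not cleared either; this is presumably harmless because nothing sets it in that configuration, but it is worth confirming rather than assuming. The enclosing copy_process() function starts and ends outside the hunk, so whether an earlier line already masks other inherited PF_* bits (and would be a more natural home for this one) cannot be checked from this view.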
@@ -38,6 +38,7 @@ apparmor-fix-use-after-free-in-rawdata-dedup-loop.patch
 ntb-epf-avoid-pci_iounmap-with-offset-when-peer_spad-and-config-share-bar.patch
 fbdev-fix-use-after-free-in-store_modes.patch
 fscrypt-fix-key-setup-in-edge-case-with-multiple-data-unit-sizes.patch
+kernel-fork-clear-pf_block_ts-in-copy_process.patch
 block-invalidate-cached-plug-timestamp-after-task-switch.patch
 kvm-arm64-omit-tag-sync-on-stage-2-mappings-of-the-zero-page.patch
 err.h-use-__always_inline-on-all-error-pointer-helpers.patch

