Merge 70b60c8d9b ("btrfs: wait for fixup workers before stopping cleaner kthread during umount") into android12-5.10-lts

Steps on the way to 5.10.227 Change-Id: Ie897a82549a26d8832c1cd233ac507bdaa083cdb Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2024-11-16 16:39:36 +00:00 · 2024-11-16 16:39:36 +00:00 · 9fbdcfe7bb
commit 9fbdcfe7bb
parent d476e18cbf 70b60c8d9b
1 changed files with 11 additions and 0 deletions
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@ -4131,6 +4131,17 @@ void __cold close_ctree(struct btrfs_fs_info *fs_info)
 	/* clear out the rbtree of defraggable inodes */
 	btrfs_cleanup_defrag_inodes(fs_info);

+	/*
+	 * Wait for any fixup workers to complete.
+	 * If we don't wait for them here and they are still running by the time
+	 * we call kthread_stop() against the cleaner kthread further below, we
+	 * get an use-after-free on the cleaner because the fixup worker adds an
+	 * inode to the list of delayed iputs and then attempts to wakeup the
+	 * cleaner kthread, which was already stopped and destroyed. We parked
+	 * already the cleaner, but below we run all pending delayed iputs.
+	 */
+	btrfs_flush_workqueue(fs_info->fixup_workers);
+
 	/*
 	 * After we parked the cleaner kthread, ordered extents may have
 	 * completed and created new delayed iputs. If one of the async reclaim