From 46bf8585a246dab6f373955162b5bbd25b1700ef Mon Sep 17 00:00:00 2001 From: Li Lingfeng Date: Mon, 22 Sep 2025 20:28:12 +0800 Subject: [PATCH] nfsd: replace wait_on_bit by wait_on_bit_acquire in nfsd_file_acquire hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/ICYREP ------------------------------- Due to the absence of a read barrier in wait_on_bit(), it may lead to the reading of nf->nf_file being reordered after the check for NFSD_FILE_PENDING. This could result in the reader obtaining an uninitialized nf->nf_file and using it, thereby triggering a null pointer dereference. Fixes: 65294c1f2c5e ("nfsd: add a new struct file caching facility to nfsd") Signed-off-by: Li Lingfeng --- fs/nfsd/filecache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c index e30e1ddc1aceb..957d7fc37d06f 100644 --- a/fs/nfsd/filecache.c +++ b/fs/nfsd/filecache.c @@ -974,7 +974,7 @@ nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp, nfsd_file_slab_free(&new->nf_rcu); wait_for_construction: - wait_on_bit(&nf->nf_flags, NFSD_FILE_PENDING, TASK_UNINTERRUPTIBLE); + wait_on_bit_acquire(&nf->nf_flags, NFSD_FILE_PENDING, TASK_UNINTERRUPTIBLE); /* Did construction of this file fail? */ if (!test_bit(NFSD_FILE_HASHED, &nf->nf_flags)) { -- Gitee
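Review bot: at the wait_for_construction label, wait_on_bit_acquire() only orders the later read of nf->nf_file if the path that clears NFSD_FILE_PENDING does so with release semantics after nf->nf_file has been stored, and that clearing site is not part of this hunk. Please name the release operation this acquire pairs with in the commit message, and consider a one-line comment above the wait stating the pairing so the ordering requirement is not lost in a later cleanup. The description also says the read is "reordered after the check for NFSD_FILE_PENDING", while the hazard it goes on to describe is the load of nf->nf_file being satisfied before that check completes; rewording that sentence would make the race easier to follow. Since the category line marks this as a hulk inclusion with a Fixes: tag against an upstream commit, it would also help to say whether an equivalent change exists or has been posted upstream.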