Re: [PATCH] block/loop: Fix NULL pointer dereference in lo_rw_aio()

Next message: Michael Bommarito: "[PATCH] ksmbd: reject unsigned non-exempt requests when session requires signing"
Previous message: javen: "[Patch net-next v5 0/7] r8169: add RSS support for RTL8127"
In reply to: Tetsuo Handa: "Re: [PATCH] block/loop: Fix NULL pointer dereference in lo_rw_aio()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Hongling Zeng

Date: Tue May 19 2026 - 23:24:37 EST

Thanks, I'll review Tetsuo's analysis to better understand
the full scope of the issue.

在 2026年05月19日 20:37, Tetsuo Handa 写道:

On 2026/05/19 20:28, Ming Lei wrote:

This means |__loop_clr_fd()|runs while I/O is still active.
Regression introduced by:
6050fa4c84cc ("loop: don't hold lo_mutex during __loop_clr_fd()")

Why do you conclude it is caused by above commit?

Some commit in the merge window for 7.1 broke the loop driver.
Even synchronize_rcu() + drain_workqueue(lo->workqueue) is not sufficient.
Please see a thread at https://lkml.kernel.org/r/d43125ff-cc66-49b7-b16d-1b2650c68c23@xxxxxxxxxxxxxxxxxxx .