On Tue, Jun 02, 2026 at 01:29:58PM +0800, Junrui Luo wrote:
> When an invoke is interrupted by a signal,
> wait_for_completion_interruptible() returns -ERESTARTSYS and
> fastrpc_internal_invoke() moves every buffer from fl->mmaps onto
> cctx->invoke_interrupted_mmaps. This list_del()/list_add_tail() walk
> runs without holding fl->lock, the lock that serialises fl->mmaps in
> fastrpc_req_mmap() and fastrpc_req_munmap() everywhere else.
>
> Take fl->lock around the move, matching every other fl->mmaps accessor.
>
> Fixes: 76e8e4ace1ed ("misc: fastrpc: Safekeep mmaps on interrupted invoke")
> Reported-by: Yuhao Jiang <[email protected]>
> Cc: [email protected]
> Signed-off-by: Junrui Luo <[email protected]>
> ---
> drivers/misc/fastrpc.c | 2 ++
> 1 file changed, 2 insertions(+)
>
Reviewed-by: Dmitry Baryshkov <[email protected]>
>
--
With best wishes
Dmitry
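
The locking rule from the quoted commit message, as an added userspace model that is not part of the patch or the driver: every walk of fl->mmaps passes a check modelled on the kernel's lockdep_assert_held(), so the unlocked move is counted as a violation and the locked one is not. The simplified types, the boolean lock and the names `move_mmaps`, `run_model` and `violations` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model: field names follow the commit message, types are simplified. */
struct node { struct node *prev, *next; };
struct lock { bool held; };
struct user { struct lock lock; struct node mmaps; };   /* models fl */
struct chan { struct node invoke_interrupted_mmaps; };  /* models cctx */

static int violations; /* fl->mmaps accesses made without fl->lock held */

static void list_init(struct node *h) { h->prev = h->next = h; }
static void lock_take(struct lock *l) { l->held = true; }
static void lock_drop(struct lock *l) { l->held = false; }
/* Stand-in for lockdep_assert_held(): count the violation instead of warning. */
static void assert_held(const struct lock *l) { if (!l->held) violations++; }

static void list_add_tail(struct node *n, struct node *h) {
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}
static void list_del(struct node *n) {
    n->prev->next = n->next; n->next->prev = n->prev; n->prev = n->next = n;
}

/* Move every buffer off fl->mmaps, as the interrupted-invoke path does. */
static int move_mmaps(struct user *fl, struct chan *cctx, bool take_lock) {
    int moved = 0;
    if (take_lock) lock_take(&fl->lock);
    while (fl->mmaps.next != &fl->mmaps) {
        struct node *n = fl->mmaps.next;
        assert_held(&fl->lock); /* each fl->mmaps access must hold fl->lock */
        list_del(n);
        list_add_tail(n, &cctx->invoke_interrupted_mmaps);
        moved++;
    }
    if (take_lock) lock_drop(&fl->lock);
    return moved;
}

/* Violations recorded while moving three constructed buffers. */
int run_model(bool take_lock) {
    struct user fl; struct chan cctx; struct node bufs[3];
    violations = 0;
    fl.lock.held = false;
    list_init(&fl.mmaps); list_init(&cctx.invoke_interrupted_mmaps);
    for (int i = 0; i < 3; i++) list_add_tail(&bufs[i], &fl.mmaps);
    move_mmaps(&fl, &cctx, take_lock);
    return violations;
}
```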