From 76e147d0a937d6df65491cc5c559c13d38b82d83 Mon Sep 17 00:00:00 2001
From: Justin Husted
Date: Thu, 7 Nov 2019 16:44:04 -0800
Subject: [PATCH] Fix refcount bug in blkdev and timer kthreads.
The shutdown code in d79d57e and b20e160 had a race condition during shutdown, due to not owning a reference on the associated task_struct while the associated threads shut themselves down. Patch over this by taking an appropriate reference.
Signed-off-by: Justin Husted
---
 linux/blkdev.c | 3 +++
 linux/timer.c | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/linux/blkdev.c b/linux/blkdev.c
index 370f08f..19aa88b 100644
--- a/linux/blkdev.c
+++ b/linux/blkdev.c
@@ -281,6 +281,7 @@ static void blkdev_cleanup(void)
 {
 struct task_struct *p = NULL;
 swap(aio_task, p);
+ get_task_struct(p);
 atomic_set(&aio_thread_stop, 1);
@@ -305,6 +306,8 @@ static void blkdev_cleanup(void)
 ret = kthread_stop(p);
 BUG_ON(ret);
+ put_task_struct(p);
+
 close(fds[0]);
 close(fds[1]);
 }
diff --git a/linux/timer.c b/linux/timer.c
index 11a2fd8..eb93786 100644
--- a/linux/timer.c
+++ b/linux/timer.c
@@ -312,6 +312,8 @@ static void timers_init(void)
 __attribute__((destructor(103)))
 static void timers_cleanup(void)
 {
+ get_task_struct(timer_task);
+
 pthread_mutex_lock(&timer_lock);
 timer_thread_stop = true;
 pthread_cond_signal(&timer_cond);
@@ -320,5 +322,6 @@ static void timers_cleanup(void)
 int ret = kthread_stop(timer_task);
 BUG_ON(ret);
+ put_task_struct(timer_task);
 timer_task = NULL;
 }
--
2.39.5
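Review bot: In linux/blkdev.c the reference is taken inside blkdev_cleanup, right after `swap(aio_task, p)`, rather than where the AIO thread is created, so the fix appears to hold only if the thread cannot exit before `aio_thread_stop` is set; the creation site is outside this diff and is worth confirming. The ordering is what makes the patch work and deserves a comment above the call, for example `/* pin p before signalling stop: the thread may exit once aio_thread_stop is set, and kthread_stop(p) still uses p */`. Nothing visible in the first hunk checks `p` for NULL before `get_task_struct(p)`; if cleanup can run without a started thread, a guard such as `if (!p) return;` belongs before it. The matching `put_task_struct(p)` in the second hunk sits after `kthread_stop(p)` as it should; the body of blkdev_cleanup between the two hunks is not shown.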
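Review bot: In linux/timer.c, timers_cleanup reads the global `timer_task` separately for `get_task_struct`, `kthread_stop` and `put_task_struct` (first and second hunk), whereas blkdev_cleanup first moves the pointer into a local with `swap(aio_task, p)`. Taking a local, `struct task_struct *p = timer_task;`, and using `p` for all three calls would make the get/put pairing obvious and keep the two cleanup paths consistent. The get also happens before `timer_lock` is acquired; a short comment such as `/* hold a ref across kthread_stop(); the thread may exit once timer_thread_stop is set */` would record why it must precede the stop signal. As in blkdev.c, a NULL `timer_task` would be dereferenced by `get_task_struct`, assuming timers_init can fail to start the thread; that function is outside the hunk.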