* [PATCH] io_uring: fix early fdput() of file
@ 2021-07-22 23:12 Jens Axboe
0 siblings, 0 replies; only message in thread
From: Jens Axboe @ 2021-07-22 23:12 UTC (permalink / raw)
To: io-uring; +Cc: Al Viro, Pavel Begunkov
A previous commit shuffled some code around, and inadvertently used
struct file after fdput() had been called on it. As we can't touch
the file post fdput() dropping our reference, move the fdput() to
after that has been done.
Cc: Pavel Begunkov <[email protected]>
Cc: [email protected]
Link: https://lore.kernel.org/io-uring/[email protected]/
Fixes: f2a48dd09b8e ("io_uring: refactor io_sq_offload_create()")
Reported-by: Al Viro <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
---
diff --git a/fs/io_uring.c b/fs/io_uring.c
index fe3d948658ad..f2fe4eca150b 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -7991,9 +7991,11 @@ static int io_sq_offload_create(struct io_ring_ctx *ctx,
f = fdget(p->wq_fd);
if (!f.file)
return -ENXIO;
- fdput(f);
- if (f.file->f_op != &io_uring_fops)
+ if (f.file->f_op != &io_uring_fops) {
+ fdput(f);
return -EINVAL;
+ }
+ fdput(f);
}
if (ctx->flags & IORING_SETUP_SQPOLL) {
struct task_struct *tsk;
--
Jens Axboe
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-07-22 23:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-22 23:12 [PATCH] io_uring: fix early fdput() of file Jens Axboe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox