p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

aio: hold an extra file reference over AIO read/write operations 

Otherwise we might dereference an already freed file and/or inode
when aio_complete is called before we return from the read_iter or
write_iter method.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Christoph Hellwig 2016-10-30 11:42:01 -05:00 committed by Al Viro
parent a909d3e636
commit 0b944d3a4b
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fs/aio.c
View File

@ -1460,6 +1460,7 @@ static ssize_t aio_run_iocb(struct kiocb *req, unsigned opcode,
return ret;
}
get_file(file);
if (rw == WRITE)
file_start_write(file);
@ -1467,6 +1468,7 @@ static ssize_t aio_run_iocb(struct kiocb *req, unsigned opcode,
if (rw == WRITE)
file_end_write(file);
fput(file);
kfree(iovec);
break;