diff options
| author | Christoph Hellwig <hch@lst.de> | 2016-10-30 12:42:01 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2016-10-30 13:09:42 -0400 |
| commit | 0b944d3a4bba6b25f43aed530f4fa85c04d162a6 (patch) | |
| tree | c5c7b8fc2ec3fe80e12de1e3a8bdb65aa04b2169 /fs | |
| parent | a909d3e636995ba7c349e2ca5dbb528154d4ac30 (diff) | |
aio: hold an extra file reference over AIO read/write operations
Otherwise we might dereference an already freed file and/or inode
when aio_complete is called before we return from the read_iter or
write_iter method.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/aio.c | 2 |
1 files changed, 2 insertions, 0 deletions
| @@ -1460,6 +1460,7 @@ rw_common: | |||
| 1460 | return ret; | 1460 | return ret; |
| 1461 | } | 1461 | } |
| 1462 | 1462 | ||
| 1463 | get_file(file); | ||
| 1463 | if (rw == WRITE) | 1464 | if (rw == WRITE) |
| 1464 | file_start_write(file); | 1465 | file_start_write(file); |
| 1465 | 1466 | ||
| @@ -1467,6 +1468,7 @@ rw_common: | |||
| 1467 | 1468 | ||
| 1468 | if (rw == WRITE) | 1469 | if (rw == WRITE) |
| 1469 | file_end_write(file); | 1470 | file_end_write(file); |
| 1471 | fput(file); | ||
| 1470 | kfree(iovec); | 1472 | kfree(iovec); |
| 1471 | break; | 1473 | break; |
| 1472 | 1474 | ||