| From 0cc936f74bcacb039b7533aeac0a887dfc896bf6 Mon Sep 17 00:00:00 2001 |
| From: Jens Axboe <axboe@kernel.dk> |
| Date: Thu, 22 Jul 2021 17:08:07 -0600 |
| Subject: io_uring: fix early fdput() of file |
| |
| From: Jens Axboe <axboe@kernel.dk> |
| |
| commit 0cc936f74bcacb039b7533aeac0a887dfc896bf6 upstream. |
| |
| A previous commit shuffled some code around, and inadvertently used |
| struct file after fdput() had been called on it. As we can't touch |
| the file post fdput() dropping our reference, move the fdput() to |
| after that has been done. |
| |
| Cc: Pavel Begunkov <asml.silence@gmail.com> |
| Cc: stable@vger.kernel.org |
| Link: https://lore.kernel.org/io-uring/YPnqM0fY3nM5RdRI@zeniv-ca.linux.org.uk/ |
| Fixes: f2a48dd09b8e ("io_uring: refactor io_sq_offload_create()") |
| Reported-by: Al Viro <viro@zeniv.linux.org.uk> |
| Signed-off-by: Jens Axboe <axboe@kernel.dk> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| fs/io_uring.c | 6 ++++-- |
| 1 file changed, 4 insertions(+), 2 deletions(-) |
| |
| --- a/fs/io_uring.c |
| +++ b/fs/io_uring.c |
| @@ -7953,9 +7953,11 @@ static int io_sq_offload_create(struct i |
| f = fdget(p->wq_fd); |
| if (!f.file) |
| return -ENXIO; |
| - fdput(f); |
| - if (f.file->f_op != &io_uring_fops) |
| + if (f.file->f_op != &io_uring_fops) { |
| + fdput(f); |
| return -EINVAL; |
| + } |
| + fdput(f); |
| } |
| if (ctx->flags & IORING_SETUP_SQPOLL) { |
| struct task_struct *tsk; |
