hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

io_uring: fix fs cleanup on cqe overflow 

If completion queue overflow occurs, __io_cqring_fill_event() will
update req->cflags, which is in a union with req->work and happens to
be aliased to req->work.fs. Following io_free_req() ->
io_req_work_drop_env() may get a bunch of different problems (miscount
fs->users, segfault, etc) on cleaning @fs.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
This commit is contained in:
Pavel Begunkov 2020-04-09 08:17:59 +03:00 committed by Jens Axboe
parent 9c280f9087
commit c398ecb3d6
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fs/io_uring.c
View File

@ -608,6 +608,7 @@ struct io_kiocb {
}; };
struct io_async_ctx *io; struct io_async_ctx *io;
int cflags;
bool needs_fixed_file; bool needs_fixed_file;
u8 opcode; u8 opcode;
@ -638,7 +639,6 @@ struct io_kiocb {
struct callback_head task_work; struct callback_head task_work;
struct hlist_node hash_node; struct hlist_node hash_node;
struct async_poll *apoll; struct async_poll *apoll;
int cflags;
}; };
struct io_wq_work work; struct io_wq_work work;
}; };