diff options
| author | Christoph Hellwig <hch@lst.de> | 2016-10-30 19:42:01 +0300 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2016-10-30 20:09:42 +0300 |
| commit | 0b944d3a4bba6b25f43aed530f4fa85c04d162a6 (patch) | |
| tree | c5c7b8fc2ec3fe80e12de1e3a8bdb65aa04b2169 /fs/aio.c | |
| parent | a909d3e636995ba7c349e2ca5dbb528154d4ac30 (diff) | |
| download | linux-0b944d3a4bba6b25f43aed530f4fa85c04d162a6.tar.xz | |
aio: hold an extra file reference over AIO read/write operations
Otherwise we might dereference an already freed file and/or inode
when aio_complete is called before we return from the read_iter or
write_iter method.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/aio.c')
| -rw-r--r-- | fs/aio.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -1460,6 +1460,7 @@ rw_common: return ret; } + get_file(file); if (rw == WRITE) file_start_write(file); @@ -1467,6 +1468,7 @@ rw_common: if (rw == WRITE) file_end_write(file); + fput(file); kfree(iovec); break; |