diff options
| author | Pavel Begunkov <asml.silence@gmail.com> | 2021-02-20 18:03:47 +0000 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2021-02-20 19:02:45 -0700 |
| commit | e6cb007c45dedada0a847eaa486c49509d63b1e8 (patch) | |
| tree | 6fbf38282440b4e64cd6efdd94e9f55b1edc34a6 | |
| parent | 99a10081647168022745859bb2f1c28b2f70dc83 (diff) | |
| download | linux-e6cb007c45dedada0a847eaa486c49509d63b1e8.tar.gz linux-e6cb007c45dedada0a847eaa486c49509d63b1e8.tar.bz2 linux-e6cb007c45dedada0a847eaa486c49509d63b1e8.zip | |
io_uring: zero ref_node after killing it
After a rsrc/files reference node's refs are killed, it must never be
used. And that's how it works, it either assigns a new node or kills the
whole data table.
Let's explicitly NULL it, that shouldn't be necessary, but if something
would go wrong I'd rather catch a NULL dereference to using a dangling
pointer.
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
| -rw-r--r-- | fs/io_uring.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c index cef80106b305..5215d32c4f8c 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -7299,6 +7299,7 @@ static void io_sqe_rsrc_kill_node(struct io_ring_ctx *ctx, struct fixed_rsrc_dat io_rsrc_ref_lock(ctx); ref_node = data->node; + data->node = NULL; io_rsrc_ref_unlock(ctx); if (ref_node) percpu_ref_kill(&ref_node->refs); |