author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-06-29 16:58:35 +0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-06-29 16:58:35 +0800 |
commit | 9dda12b6fa0eba6b1fd32399b599d05765893dae (patch) | |
tree | f303ca007424c0c3af40ba88b23b3e3e965bfc2a /fs | |
parent | 061913712d6ab77c77192584912afdbd8267c54c (diff) | |
parent | e6feaf215f07dd98d03ee783c9dd4c7f7e55b74d (diff) |
Merge tag 'for-linus-20190628' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:
 "Just two small fixes.

  One from Paolo, fixing a silly mistake in BFQ. The other one is from
  me, ensuring that we have ->file cleared in the io_uring request a bit
  earlier. That avoids a use-before-free, if we encounter an error
  before ->file is assigned"

* tag 'for-linus-20190628' of git://git.kernel.dk/linux-block:
  block, bfq: fix operator in BFQQ_TOTALLY_SEEKY
  io_uring: ensure req->file is cleared on allocation
Diffstat (limited to 'fs')
-rw-r--r-- | fs/io_uring.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c index 86a2bd721900..485832deb7ea 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -579,6 +579,7 @@ static struct io_kiocb *io_get_req(struct io_ring_ctx *ctx, state->cur_req++; } + req->file = NULL; req->ctx = ctx; req->flags = 0; /* one is dropped after submission, the other at completion */ @@ -1801,10 +1802,8 @@ static int io_req_set_file(struct io_ring_ctx *ctx, const struct sqe_submit *s, req->sequence = ctx->cached_sq_head - 1; } - if (!io_op_needs_file(s->sqe)) { - req->file = NULL; + if (!io_op_needs_file(s->sqe)) return 0; - } if (flags & IOSQE_FIXED_FILE) { if (unlikely(!ctx->user_files || |
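Review bot: In the first hunk (io_get_req(), @@ -579), the new `req->file = NULL;` carries no comment explaining why it belongs in the allocator, while the line below it documents the reference counts. The commit message gives the reason: an error can occur before ->file is assigned, and cleanup would then see a stale pointer. A one-line comment to that effect next to the assignment would keep a later cleanup from moving the reset back into io_req_set_file().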
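Review bot: In the second hunk (io_req_set_file(), @@ -1801), the early `return 0` for `!io_op_needs_file(s->sqe)` now depends on io_get_req() having already set req->file to NULL, an invariant established in a different function from the one that relies on it. It is worth confirming that every request reaching io_req_set_file() was produced by io_get_req(), and noting the dependency in a short comment at this return so the two sites stay in sync.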