Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932310AbbFSSU2 (ORCPT ); Fri, 19 Jun 2015 14:20:28 -0400 Received: from mx1.redhat.com ([209.132.183.28]:34181 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932179AbbFSSUM (ORCPT ); Fri, 19 Jun 2015 14:20:12 -0400 Date: Fri, 19 Jun 2015 20:19:00 +0200 From: Oleg Nesterov To: Al Viro , Andrew Morton , Benjamin LaHaise , Jeff Moyer Cc: linux-aio@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 3/3] aio_free_ring: don't do page_count(NULL) Message-ID: <20150619181900.GA20806@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150619181840.GA20780@redhat.com> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1074 Lines: 38 aio_free_ring() can actually see the NULL page in ->ring_pages[], this can happen if aio_setup_ring() fails. And in this case page_count(ctx->ring_pages[i]) can OOPS. Signed-off-by: Oleg Nesterov Reviewed-by: Jeff Moyer --- fs/aio.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index 4a360be..9bc1335 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -292,12 +292,12 @@ static void aio_free_ring(struct kioctx *ctx) put_aio_ring_file(ctx); for (i = 0; i < ctx->nr_pages; i++) { - struct page *page; - pr_debug("pid(%d) [%d] page->count=%d\n", current->pid, i, - page_count(ctx->ring_pages[i])); - page = ctx->ring_pages[i]; + struct page *page = ctx->ring_pages[i]; if (!page) continue; + + pr_debug("pid(%d) [%d] page->count=%d\n", + current->pid, i, page_count(page)); ctx->ring_pages[i] = NULL; put_page(page); } -- 1.5.5.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in Please read the FAQ at http://www.tux.org/lkml/