Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3697697pxv; Mon, 26 Jul 2021 09:38:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzt2nlePtEhPLHfxF3CmAbd5xVhUJXwHGoBrA9vERDEXBIAboZ1ctob76vtoRV61is0hEoD X-Received: by 2002:a05:6402:2213:: with SMTP id cq19mr22426872edb.320.1627317516497; Mon, 26 Jul 2021 09:38:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627317516; cv=none; d=google.com; s=arc-20160816; b=Qx+s1njV7PSTFcd/Lzs0Jbi3/+GY6aD1bBwT1Ck1ObcasdRfJ9KPJ8n5NaO2IM+63l 09eDnKDE2BAvlKWzfOUGK/0/HOzu7xuUVG3j8G8zvRwt/MhkXJw8zJE6kgVkUcKaKTZA b+Hv3Aea4DDuA8cdOI68Cm8279hiufC8d7SkDGQg1euRdavMUP7MRGUoiIoYHAp/4GTA 6G5KngrGZT3YqJTnOmuFf5wVVX9p2I6VYduDvSAWdgWYA8e8s2IEH36p5o6mCaWIGefj SaUQ8TBIJI8/U0l+VXcXnRkYmJKGhv6Kg12Shcr9KUH9l3nH/U9ockFWadbHkjVqWYnn h/rA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=oDQgfjpANW1OaDWphv71r3xaAk/BW7ppoilr95Bj3d4=; b=z2Nx50serEZc0Rnwq7d/2RbkW0aMJM0lGczQAPVzSsZA0G7KCIIsRd/2WSNJfIBvTI xmyJ37OMZNCy0UnybH819G/mfCx6PAKakLUWopC4RyaXgFRT6N2Bif1D2/Gco0tsjP9n XHCEX5z1qIrBfd+Z8ITKliuZKkzhjPdTcDJyRfd7tGKto6oZLFpqepN4lmIFZfxM6ynJ 3EHyncwiubJ7KWvmZtgqpNBCtJk8IhGR10kjAV9kC7hWlLxjY/xsWC8TQpu0RRIcFK+z cEwQVm9fqltTp+Y5Wqpp0AT8GnHPJDc5Nv27SaIZ0ZPar0b+uY1caCupoKBglY79TD+a uDsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=T0wITVof; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r7si391122edo.180.2021.07.26.09.38.13; Mon, 26 Jul 2021 09:38:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=T0wITVof; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240308AbhGZPzR (ORCPT + 99 others); Mon, 26 Jul 2021 11:55:17 -0400 Received: from mail.kernel.org ([198.145.29.99]:51812 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237721AbhGZPeo (ORCPT ); Mon, 26 Jul 2021 11:34:44 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id A19FE60C41; Mon, 26 Jul 2021 16:15:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1627316113; bh=bWNOLjCng2Wt19fispDzlz5zSpxCsVz2gM94InI66xU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=T0wITVofezQTMqjvN5s58w7d3302l0pd29vJ831zeOBk0W+2Apw2PbQrIVWK/bdQt hicwGE7UEL1T/z7dXObsXiTEExzIBdpYp3AMhOUrmfceAYtjLfN00jqAIniF1Du8/F crVOUDPGuWkt78N34duZ+A5b79Ebc+GTgJAbv/oI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pavel Begunkov , Al Viro , Jens Axboe Subject: [PATCH 5.13 194/223] io_uring: fix early fdput() of file Date: Mon, 26 Jul 2021 17:39:46 +0200 Message-Id: <20210726153852.535858295@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210726153846.245305071@linuxfoundation.org> References: <20210726153846.245305071@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jens Axboe commit 0cc936f74bcacb039b7533aeac0a887dfc896bf6 upstream. A previous commit shuffled some code around, and inadvertently used struct file after fdput() had been called on it. As we can't touch the file post fdput() dropping our reference, move the fdput() to after that has been done. Cc: Pavel Begunkov Cc: stable@vger.kernel.org Link: https://lore.kernel.org/io-uring/YPnqM0fY3nM5RdRI@zeniv-ca.linux.org.uk/ Fixes: f2a48dd09b8e ("io_uring: refactor io_sq_offload_create()") Reported-by: Al Viro Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman --- fs/io_uring.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -7953,9 +7953,11 @@ static int io_sq_offload_create(struct i f = fdget(p->wq_fd); if (!f.file) return -ENXIO; - fdput(f); - if (f.file->f_op != &io_uring_fops) + if (f.file->f_op != &io_uring_fops) { + fdput(f); return -EINVAL; + } + fdput(f); } if (ctx->flags & IORING_SETUP_SQPOLL) { struct task_struct *tsk;