Commit 87e2831c authored Oct 08, 2007 by Yan Zheng Committed by Linus Torvalds Oct 08, 2007

AIO: fix cleanup in io_submit_one(...)



When IOCB_FLAG_RESFD flag is set and iocb->aio_resfd is incorrect,
statement 'goto out_put_req' is executed. At label 'out_put_req',
aio_put_req(..) is called, which requires 'req->ki_filp' set.

Signed-off-by: Yan <Zheng&lt;yanzheng@21cn.com>
Cc: Zach Brown <zach.brown@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 745ad48e

fs/aio.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1562,6 +1562,7 @@ int fastcall io_submit_one(struct kioctx ctx, struct iocb __user user_iocb,
		fput(file);
		return -EAGAIN;
		}
		req->ki_filp = file;
		if (iocb->aio_flags & IOCB_FLAG_RESFD) {
		/*
		* If the IOCB_FLAG_RESFD flag of aio_flags is set, get an
		@@ -1576,7 +1577,6 @@ int fastcall io_submit_one(struct kioctx ctx, struct iocb __user user_iocb,
		}
		}

		req->ki_filp = file;
		ret = put_user(req->ki_key, &user_iocb->aio_key);
		if (unlikely(ret)) {
		dprintk("EFAULT: aio_key\n");