diff options
author | Kent Overstreet <koverstreet@google.com> | 2013-03-02 15:25:55 +1100 |
---|---|---|
committer | Stephen Rothwell <sfr@canb.auug.org.au> | 2013-03-07 14:27:30 +1100 |
commit | a252b0f599715794fbee7e163abc2745065a20fc (patch) | |
tree | 4b16d029539460f1ca60a71d7c66d85c455a2f71 /fs | |
parent | f0e26ee490d741c9eb30d80917fc6ef87e52f49d (diff) |
aio: Fix a null pointer deref in batch_complete_aio
The batch completion code was trying to be a bit too clever, and skip
checking ctx where it couldn't be NULL - but that broke if a kiocb had
been cancelled. Move the check to kioctx_ring_unlock().
Signed-off-by: Kent Overstreet <koverstreet@google.com>
Reported-by: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/aio.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -680,6 +680,9 @@ static inline void kioctx_ring_unlock(struct kioctx *ctx, unsigned tail) { struct aio_ring *ring; + if (!ctx) + return; + smp_wmb(); /* make event visible before updating tail */ @@ -757,8 +760,7 @@ void batch_complete_aio(struct batch_complete *batch) } if (unlikely(req->ki_ctx != ctx)) { - if (ctx) - kioctx_ring_unlock(ctx, tail); + kioctx_ring_unlock(ctx, tail); ctx = req->ki_ctx; tail = kioctx_ring_lock(ctx); |