From: Yan Zheng Date: Mon, 8 Oct 2007 19:16:20 +0000 (-0700) Subject: AIO: fix cleanup in io_submit_one(...) X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=87e2831c3fa39cbf6f7ab676bb5aef039b9659e2;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git AIO: fix cleanup in io_submit_one(...) When IOCB_FLAG_RESFD flag is set and iocb->aio_resfd is incorrect, statement 'goto out_put_req' is executed. At label 'out_put_req', aio_put_req(..) is called, which requires 'req->ki_filp' set. Signed-off-by: Yan Zheng Cc: Zach Brown Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/fs/aio.c b/fs/aio.c index dbe699e9828..ea2e1982038 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1562,6 +1562,7 @@ int fastcall io_submit_one(struct kioctx *ctx, struct iocb __user *user_iocb, fput(file); return -EAGAIN; } + req->ki_filp = file; if (iocb->aio_flags & IOCB_FLAG_RESFD) { /* * If the IOCB_FLAG_RESFD flag of aio_flags is set, get an @@ -1576,7 +1577,6 @@ int fastcall io_submit_one(struct kioctx *ctx, struct iocb __user *user_iocb, } } - req->ki_filp = file; ret = put_user(req->ki_key, &user_iocb->aio_key); if (unlikely(ret)) { dprintk("EFAULT: aio_key\n");