-
由 Jens Axboe 提交于
mainline inclusion from mainline-5.9-rc1 commit 51a4cc11 category: feature bugzilla: https://bugzilla.openeuler.org/show_bug.cgi?id=27 CVE: NA --------------------------- If we're in the error path failing links and we have a link that has grabbed a reference to the fs_struct, then we cannot safely drop our reference to the table if we already hold the completion lock. This adds a hardirq dependency to the fs_struct->lock, which it currently doesn't have. Defer the final cleanup and free of such requests to avoid adding this dependency. Reported-by: syzbot+ef4b654b49ed7ff049bf@syzkaller.appspotmail.com Signed-off-by: NJens Axboe <axboe@kernel.dk> Conflicts: fs/io_uring.c [adopt patch ecfc5177 ("io_uring: fix potential use after free on fallback request free") lead this conflict] Signed-off-by: Nyangerkun <yangerkun@huawei.com> Reviewed-by: Nzhangyi (F) <yi.zhang@huawei.com> Signed-off-by: NCheng Jian <cj.chengjian@huawei.com>
6cd8d26c