From 2d606ae0e704cce2ccef943e1274192d0b39dffd Mon Sep 17 00:00:00 2001
From: Pavel Begunkov <asml.silence@gmail.com>
Date: Thu, 15 Apr 2021 17:42:52 +0800
Subject: [PATCH] io_uring: get an active ref_node from files_data

mainline inclusion
from mainline-5.10-rc5
commit 1e5d770bb8a23dd01e28e92f4fb0b1093c8bdbe6
category: feature
bugzilla: 27
CVE: NA
---------------------------

An active ref_node always can be found in ctx->files_data, it's much
safer to get it this way instead of poking into files_data->ref_list.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Cc: stable@vger.kernel.org # v5.7+
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: yangerkun <yangerkun@huawei.com>
Reviewed-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>
---
 fs/io_uring.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index a8f6c5798bae..1a4cb6ec28dd 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -6633,9 +6633,7 @@ static int io_sqe_files_unregister(struct io_ring_ctx *ctx)
 		return -ENXIO;
 
 	spin_lock(&data->lock);
-	if (!list_empty(&data->ref_list))
-		ref_node = list_first_entry(&data->ref_list,
-				struct fixed_file_ref_node, node);
+	ref_node = data->node;
 	spin_unlock(&data->lock);
 	if (ref_node)
 		percpu_ref_kill(&ref_node->refs);
-- 
GitLab