diff options
author | Amir Goldstein <amir73il@gmail.com> | 2023-10-02 12:04:45 +0200 |
---|---|---|
committer | Amir Goldstein <amir73il@gmail.com> | 2023-10-02 12:08:31 +0200 |
commit | 8542f1712074f070ae90b64e6082d10d8e912e32 (patch) | |
tree | bafda0c9feb370e7f114a6652549a4e33e29f985 /fs/overlayfs/file.c | |
parent | Linux 6.6-rc4 (diff) | |
download | linux-8542f1712074f070ae90b64e6082d10d8e912e32.tar.xz linux-8542f1712074f070ae90b64e6082d10d8e912e32.zip |
ovl: fix file reference leak when submitting aio
Commit 724768a39374 ("ovl: fix incorrect fdput() on aio completion")
took a refcount on real file before submitting aio, but forgot to
avoid clearing FDPUT_FPUT from real.flags stack variable.
This can result in a file reference leak.
Fixes: 724768a39374 ("ovl: fix incorrect fdput() on aio completion")
Reported-by: Gil Lev <contact@levgil.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Diffstat (limited to 'fs/overlayfs/file.c')
-rw-r--r-- | fs/overlayfs/file.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 693971d20280..8be4dc050d1e 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -341,7 +341,6 @@ static ssize_t ovl_read_iter(struct kiocb *iocb, struct iov_iter *iter) if (!aio_req) goto out; - real.flags = 0; aio_req->orig_iocb = iocb; kiocb_clone(&aio_req->iocb, iocb, get_file(real.file)); aio_req->iocb.ki_complete = ovl_aio_rw_complete; @@ -413,7 +412,6 @@ static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter) if (!aio_req) goto out; - real.flags = 0; aio_req->orig_iocb = iocb; kiocb_clone(&aio_req->iocb, iocb, get_file(real.file)); aio_req->iocb.ki_flags = ifl; |