On 24/07/2020 20:07, Pavel Begunkov wrote: > req->work might be already initialised by the time it gets into > __io_arm_poll_handler(), which will corrupt it be using fields that are s/be using/by using/ Jens, could you please fold it in, if the patch would do? Or let me know and I'll resend. > in an union with req->work. Luckily, the only side effect is missing > put_creds(). Clean req->work before going there. > > Suggested-by: Jens Axboe <axboe@xxxxxxxxx> > Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx> > --- > fs/io_uring.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/fs/io_uring.c b/fs/io_uring.c > index 32b0064f806e..98e8079e67e7 100644 > --- a/fs/io_uring.c > +++ b/fs/io_uring.c > @@ -4658,6 +4658,10 @@ static int io_poll_add(struct io_kiocb *req) > struct io_poll_table ipt; > __poll_t mask; > > + /* ->work is in union with hash_node and others */ > + io_req_work_drop_env(req); > + req->flags &= ~REQ_F_WORK_INITIALIZED; > + > INIT_HLIST_NODE(&req->hash_node); > INIT_LIST_HEAD(&req->list); > ipt.pt._qproc = io_poll_queue_proc; > -- Pavel Begunkov
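Review bot: In io_poll_add(), the new comment above io_req_work_drop_env(req) says only that ->work shares a union with hash_node and others, and does not record why the env has to be dropped before INIT_HLIST_NODE(&req->hash_node) runs. The commit message has the reason (an already initialised req->work gets overwritten and put_creds() is then missed), so one more line in the comment saying that the references held through ->work must be released before its storage is reused would keep that next to the code. The message also names __io_arm_poll_handler() as the place where the overwrite happens, while the cleanup is added in io_poll_add(); please state whether any other path into __io_arm_poll_handler() can arrive with REQ_F_WORK_INITIALIZED set and needs the same two lines. A Fixes: tag would also help, since the described effect is a leaked creds reference.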