Accessing the file table needs a rcu_dereference_protected(). Signed-off-by: Christoph Hellwig <hch@xxxxxx> --- fs/io_uring.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index c9596d551bd67..2b848a8dfc46c 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -5984,7 +5984,8 @@ static int io_close(struct io_kiocb *req, unsigned int issue_flags) spin_unlock(&files->file_lock); goto err; } - file = fdt->fd[close->fd]; + file = rcu_dereference_protected(fdt->fd[close->fd], + lockdep_is_held(&files->file_lock)); if (!file || file->f_op == &io_uring_fops) { spin_unlock(&files->file_lock); file = NULL; -- 2.30.2