On Fri 30-09-16 10:46:34, Christoph Hellwig wrote: > After the call to ->direct_IO the final reference to the file might have > been dropped by aio_complete already, and the call to file_accessed might > cause a use after free. > > Instead update the access time before the I/O, similar to how we > update the time stamps before writes. > > Signed-off-by: Christoph Hellwig <hch@xxxxxx> The patch looks good. You can add: Reviewed-by: Jan Kara <jack@xxxxxxx> But frankly it looks like a nasty catch that iocb->ki_filp can go away under you in the AIO case. Do I get it right that this means there must be some other thread closing your fd while the read is running, right? Also it seems that file_end_write(file) call in aio_run_iocb() is prone to the same race? Won't we be better off to just to do additional get_file() / fput() pair in the AIO submission path so that whole AIO submission path is guaranteed to have struct file available? I understand this is very performance sensitive path but we'll be adding just two atomic ops... Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
