On Sat, Oct 29, 2016 at 01:24:51PM +0100, Al Viro wrote:
> How about taking this chunk (i.e. telling lockdep that we are not holding this
> thing) past the iter_op() call, where file_end_write() used to be?

We can't as that would not fix the use after free (at least for the
lockdep case - otherwise the call is a no-op). Once iter_op returns
aio_complete might have dropped our reference to the file, and another
thread might have closed the fd so that the fput from aio_complete was
the last one. This is something that xfstests/323 can reproduce under
the right conditions.