The value is read from another task without, while the task that had set the value was holding queue->lock. Better use READ_ONCE to ensure the compiler cannot optimize the read. Fixes: 284985711dc5 ("fuse: Allow to queue fg requests through io-uring") Signed-off-by: Bernd Schubert <bschubert@xxxxxxx> --- fs/fuse/dev_uring.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/fuse/dev_uring.c b/fs/fuse/dev_uring.c index 62a063fda3951d29c27f95c1941a06f38f7b8248..80bb7396a8410022bbef1efa0522974bda77c81a 100644 --- a/fs/fuse/dev_uring.c +++ b/fs/fuse/dev_uring.c @@ -1204,10 +1204,12 @@ static void fuse_uring_send_in_task(struct io_uring_cmd *cmd, { struct fuse_ring_ent *ent = uring_cmd_to_ring_ent(cmd); struct fuse_ring_queue *queue = ent->queue; + struct fuse_req *req; int err; if (!(issue_flags & IO_URING_F_TASK_DEAD)) { - err = fuse_uring_prepare_send(ent, ent->fuse_req); + req = READ_ONCE(ent->fuse_req); + err = fuse_uring_prepare_send(ent, req); if (err) { fuse_uring_next_fuse_req(ent, queue, issue_flags); return; -- 2.43.0
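Review bot: In fuse_uring_send_in_task(), the added `req = READ_ONCE(ent->fuse_req);` annotates only the reader side. READ_ONCE keeps the compiler from refetching or tearing the load, but it gives no ordering against the store that the commit message says was made under queue->lock. Consider pairing it with a WRITE_ONCE() at the place where ent->fuse_req is assigned (not visible in this hunk), or add a short comment here stating what guarantees that the store is visible before this function runs. The first sentence of the commit message also appears to be missing a word after "without", so it is not clear from the log exactly which protection the read lacks. As a minor style point, `req` is only used inside the `if (!(issue_flags & IO_URING_F_TASK_DEAD))` block and could be declared there instead of at function scope.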