ovl: fix incorrect fdput() on aio completion

author Amir Goldstein <amir73il@gmail.com>

Tue, 22 Aug 2023 17:50:59 +0000 (20:50 +0300)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sat, 23 Sep 2023 09:11:10 +0000 (11:11 +0200)
author Amir Goldstein <amir73il@gmail.com>
Tue, 22 Aug 2023 17:50:59 +0000 (20:50 +0300)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 23 Sep 2023 09:11:10 +0000 (11:11 +0200)
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c

index 6011f955436ba7771800fac36abf6a88cd8cc094..cc0c077165bde142ed23d8c42b86e4e4b9ec7182 100644 (file)
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -19,7 +19,6 @@ struct ovl_aio_req {
         struct kiocb iocb;
         refcount_t ref;
         struct kiocb *orig_iocb;
-       struct fd fd;
  };
  
  static struct kmem_cache *ovl_aio_request_cachep;
@@ -260,7 +259,7 @@ static rwf_t ovl_iocb_to_rwf(int ifl)
  static inline void ovl_aio_put(struct ovl_aio_req *aio_req)
  {
         if (refcount_dec_and_test(&aio_req->ref)) {
-               fdput(aio_req->fd);
+               fput(aio_req->iocb.ki_filp);
                 kmem_cache_free(ovl_aio_request_cachep, aio_req);
         }
  }
@@ -325,10 +324,9 @@ static ssize_t ovl_read_iter(struct kiocb *iocb, struct iov_iter *iter)
                 if (!aio_req)
                         goto out;
  
-               aio_req->fd = real;
                 real.flags = 0;
                 aio_req->orig_iocb = iocb;
-               kiocb_clone(&aio_req->iocb, iocb, real.file);
+               kiocb_clone(&aio_req->iocb, iocb, get_file(real.file));
                 aio_req->iocb.ki_complete = ovl_aio_rw_complete;
                 refcount_set(&aio_req->ref, 2);
                 ret = vfs_iocb_iter_read(real.file, &aio_req->iocb, iter);
@@ -396,10 +394,9 @@ static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter)
                 /* Pacify lockdep, same trick as done in aio_write() */
                 __sb_writers_release(file_inode(real.file)->i_sb,
                                      SB_FREEZE_WRITE);
-               aio_req->fd = real;
                 real.flags = 0;
                 aio_req->orig_iocb = iocb;
-               kiocb_clone(&aio_req->iocb, iocb, real.file);
+               kiocb_clone(&aio_req->iocb, iocb, get_file(real.file));
                 aio_req->iocb.ki_flags = ifl;
                 aio_req->iocb.ki_complete = ovl_aio_rw_complete;
                 refcount_set(&aio_req->ref, 2);
author	Amir Goldstein <amir73il@gmail.com>
	Tue, 22 Aug 2023 17:50:59 +0000 (20:50 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 23 Sep 2023 09:11:10 +0000 (11:11 +0200)