Commit b65e0dd6 authored by Pavel Begunkov, committed by Jens Axboe

io_uring: mark ->work uninitialised after cleanup



Remove REQ_F_WORK_INITIALIZED after io_req_clean_work(). That's a cold
path but is safer for those using io_req_clean_work() out of
*dismantle_req()/*io_free(). And for the same reason zero work.fs

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
parent f56040b8
+2 −1
@@ -1141,7 +1141,9 @@ static void io_req_clean_work(struct io_kiocb *req)
		spin_unlock(&req->work.fs->lock);
		if (fs)
			free_fs_struct(fs);
		req->work.fs = NULL;
	}
	req->flags &= ~REQ_F_WORK_INITIALIZED;
}

static void io_prep_async_work(struct io_kiocb *req)
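
Review bot: In io_req_clean_work(), `req->work.fs = NULL;` resets only the fs pointer, and the part of the function above this hunk is not shown, so please confirm that the other ->work resources released there are left in an equally safe state, or say in a comment why fs is the one that needs zeroing. A one-line comment above `req->flags &= ~REQ_F_WORK_INITIALIZED;` stating that ->work must be re-initialised before any further use would also document the contract that callers outside *dismantle_req()/*io_free() now rely on.
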
@@ -4969,7 +4971,6 @@ static int io_poll_add(struct io_kiocb *req)

	/* ->work is in union with hash_node and others */
	io_req_clean_work(req);
	req->flags &= ~REQ_F_WORK_INITIALIZED;

	INIT_HLIST_NODE(&req->hash_node);
	ipt.pt._qproc = io_poll_queue_proc;
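
Review bot: In io_poll_add(), the comment "->work is in union with hash_node and others" no longer has the flag clear next to it, so the safety of the following `INIT_HLIST_NODE(&req->hash_node);` now depends silently on io_req_clean_work() dropping REQ_F_WORK_INITIALIZED. Consider extending that comment to say the helper also marks ->work uninitialised, so a later change to the helper does not leave the overwritten union still flagged as valid work.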