io_uring: use rcu_dereference in io_close

Accessing the file table needs a rcu_dereference_protected().

Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220518084005.3255380-7-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/fs/io_uring.c b/fs/io_uring.c
index e24eb20..7b27afd 100644 (file)
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -5372,7 +5372,8 @@ static int io_close(struct io_kiocb *req, unsigned int issue_flags)
                spin_unlock(&files->file_lock);
                goto err;
        }
-       file = fdt->fd[close->fd];
+       file = rcu_dereference_protected(fdt->fd[close->fd],
+                       lockdep_is_held(&files->file_lock));
        if (!file || file->f_op == &io_uring_fops) {
                spin_unlock(&files->file_lock);
                file = NULL;