From: Pavel Begunkov asml.silence@gmail.com
commit 1e5d770bb8a23dd01e28e92f4fb0b1093c8bdbe6 upstream.
An active ref_node always can be found in ctx->files_data, it's much safer to get it this way instead of poking into files_data->ref_list.
Signed-off-by: Pavel Begunkov asml.silence@gmail.com Cc: stable@vger.kernel.org # v5.7+ Signed-off-by: Jens Axboe axboe@kernel.dk Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- fs/io_uring.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
--- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -6854,9 +6854,8 @@ static int io_sqe_files_unregister(struc return -ENXIO;
spin_lock(&data->lock); - if (!list_empty(&data->ref_list)) - ref_node = list_first_entry(&data->ref_list, - struct fixed_file_ref_node, node); + ref_node = container_of(data->cur_refs, struct fixed_file_ref_node, + refs); spin_unlock(&data->lock); if (ref_node) percpu_ref_kill(&ref_node->refs);