The patch below does not apply to the 5.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 1e5d770bb8a23dd01e28e92f4fb0b1093c8bdbe6 Mon Sep 17 00:00:00 2001
From: Pavel Begunkov asml.silence@gmail.com Date: Wed, 18 Nov 2020 14:56:25 +0000 Subject: [PATCH] io_uring: get an active ref_node from files_data
An active ref_node always can be found in ctx->files_data, it's much safer to get it this way instead of poking into files_data->ref_list.
Signed-off-by: Pavel Begunkov asml.silence@gmail.com Cc: stable@vger.kernel.org # v5.7+ Signed-off-by: Jens Axboe axboe@kernel.dk
diff --git a/fs/io_uring.c b/fs/io_uring.c index b205c1df3f74..5cb194ca4fce 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -6974,9 +6974,7 @@ static int io_sqe_files_unregister(struct io_ring_ctx *ctx) return -ENXIO;
spin_lock(&data->lock); - if (!list_empty(&data->ref_list)) - ref_node = list_first_entry(&data->ref_list, - struct fixed_file_ref_node, node); + ref_node = data->node; spin_unlock(&data->lock); if (ref_node) percpu_ref_kill(&ref_node->refs);