Oleg Nesterov <[email protected]> writes: > aio_free_ring() can actually see the NULL page in ->ring_pages[], > this can happen if aio_setup_ring() fails. > > And in this case page_count(ctx->ring_pages[i]) can OOPS. > > Signed-off-by: Oleg Nesterov <[email protected]>
I'm not sure the reformatting was necessary, but whatever. Reviewed-by: Jeff Moyer <[email protected]> > --- > fs/aio.c | 8 ++++---- > 1 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/fs/aio.c b/fs/aio.c > index b605ab2..666fbb8 100644 > --- a/fs/aio.c > +++ b/fs/aio.c > @@ -292,12 +292,12 @@ static void aio_free_ring(struct kioctx *ctx) > put_aio_ring_file(ctx); > > for (i = 0; i < ctx->nr_pages; i++) { > - struct page *page; > - pr_debug("pid(%d) [%d] page->count=%d\n", current->pid, i, > - page_count(ctx->ring_pages[i])); > - page = ctx->ring_pages[i]; > + struct page *page = ctx->ring_pages[i]; > if (!page) > continue; > + > + pr_debug("pid(%d) [%d] page->count=%d\n", > + current->pid, i, page_count(page)); > ctx->ring_pages[i] = NULL; > put_page(page); > } -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
