aio: hold an extra file reference over AIO read/write operations

Otherwise we might dereference an already freed file and/or inode when aio_complete is called before we return from the read_iter or write_iter method. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from commit 0b944d3a4bba6b25f43aed530f4fa85c04d162a6) Change-Id: I628a87b5036ba1ba5ba5152fa0329d02999d3649 Git-Commit: 0b944d3a4bba6b25f43aed530f4fa85c04d162a6 Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git [riteshh@codeaurora.org: resolve trivial merge conflicts] Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org>
author: Christoph Hellwig <hch@lst.de> 2016-10-30 11:42:01 -0500
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2018-09-10 08:29:21 -0700
commit: fc468d503559ec90e75ddba89ddf7aa6402d3258 (patch)
tree: 7768733b031ed551095d56efc76b98b051ca57e7
parent: 68cad04925b1feca8f5f597db2d30ae0bf2ddc34 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/aio.c b/fs/aio.c
index c4b508605bab..3fe07571f942 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1470,6 +1470,7 @@ rw_common:
 
 		len = ret;
 
+		get_file(file);
 		if (rw == WRITE)
 			file_start_write(file);
 
@@ -1477,6 +1478,7 @@ rw_common:
 
 		if (rw == WRITE)
 			file_end_write(file);
+		fput(file);
 		kfree(iovec);
 		break;
author	Christoph Hellwig <hch@lst.de>	2016-10-30 11:42:01 -0500
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2018-09-10 08:29:21 -0700
commit	fc468d503559ec90e75ddba89ddf7aa6402d3258 (patch)
tree	7768733b031ed551095d56efc76b98b051ca57e7
parent	68cad04925b1feca8f5f597db2d30ae0bf2ddc34 (diff)