Re: [PATCH] aio: prevent the final fput() in the middle of vfs_poll() (Re: KASAN: use-after-free Read in unix_dgram_poll)
From: Linus Torvalds
Date: Sun Mar 03 2019 - 15:13:55 EST
On Sun, Mar 3, 2019 at 11:44 AM Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> But doesn't it look nice to see
>
> 2 files changed, 41 insertions(+), 50 deletions(-)
>
> with actual code reduction, and a fundamental simplification in
> handling of the file pointer?
A couple of the changes are "useless", and do the same thing as not
having them at all:
- struct inode *inode = file_inode(kiocb->ki_filp);
+ struct inode *inode = file_inode(iocb->ki_filp);
- file_end_write(kiocb->ki_filp);
+ file_end_write(iocb->ki_filp);
because the "ki_filp" ends up existing in both kiocb and iocb. At one
point of editing that file I decided to try to just remove it from the
sub-structs entirely and only keep it in the top-level structure, but
it needs to be inside the 'struct kiocb' anyway for all the other
users outside of fs/aio.c.
Anyway, I don't think the patch is wrong (although I haven't actually
_tested_ it) but I wanted to point out that those two one-liner
changes are just "noise" that doesn't matter for the working of the
patch.
In the above, we have 'kiocb' being the embedded 'struct kiocb', and
'iocb' is the 'struct aio_kiocb' that contains it. 'ki_filp' is the
exact same field in both cases.
Linus