From 0bf1dbee9baf3e78bff297245178f8c9a8ef8670 Mon Sep 17 00:00:00 2001
From: Christoph Hellwig <hch@lst.de>
Date: Wed, 18 May 2022 10:40:05 +0200
Subject: [PATCH] io_uring: use rcu_dereference in io_close
Git-commit: 0bf1dbee9baf3e78bff297245178f8c9a8ef8670
Patch-mainline: v5.19-rc1
References: bsc#1205205

Accessing the file table needs a rcu_dereference_protected().

Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220518084005.3255380-7-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de>
---
 fs/io_uring.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/io_uring.c b/fs/io_uring.c
index e24eb20f7e30..7b27afdab0e6 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -5372,7 +5372,8 @@ static int io_close(struct io_kiocb *req, unsigned int issue_flags)
 		spin_unlock(&files->file_lock);
 		goto err;
 	}
-	file = fdt->fd[close->fd];
+	file = rcu_dereference_protected(fdt->fd[close->fd],
+			lockdep_is_held(&files->file_lock));
 	if (!file || file->f_op == &io_uring_fops) {
 		spin_unlock(&files->file_lock);
 		file = NULL;
-- 
2.35.3