aio: fix potential race at get_unused_fd()

This commit is contained in:
Thomas Schoebel-Theuer 2019-04-11 16:36:25 +02:00
parent d58c4f317d
commit 20fc88fed9
1 changed files with 10 additions and 1 deletions

View File

@ -722,6 +722,7 @@ EXPORT_SYMBOL(fd_uninstall);
static
atomic_t ioctx_count = ATOMIC_INIT(0);
static DEFINE_MUTEX(_fd_lock);
static
void _destroy_ioctx(struct aio_output *output)
@ -771,10 +772,16 @@ void _destroy_ioctx(struct aio_output *output)
*/
static int _get_fd(void)
{
int err;
struct files_struct *files;
int err = -EINVAL;
int count = 0;
do {
mutex_lock(&_fd_lock);
files = current->files;
CHECK_PTR(files, done);
/* see f938612dd97d481b8b5bf960c992ae577f081c17
* and 1a7bd2265fc57f29400d57f66275cc5918e30aa6
*/
@ -783,8 +790,10 @@ static int _get_fd(void)
#else
err = get_unused_fd_flags(0);
#endif
mutex_unlock(&_fd_lock);
/* safety workaround: skip standard Unix filehandles */
} while (err >= 0 && err <= 2 && count++ < 3);
done:
return err;
}