From 17e3675fe3a85641d5413afef3e74066570778d5 Mon Sep 17 00:00:00 2001 From: Andrew Morton Date: Wed, 19 Jun 2013 10:05:20 +1000 Subject: [PATCH] fput-task_work_add-can-fail-if-the-caller-has-passed-exit_task_work-fix add comment Cc: "Eric W. Biederman" Cc: Al Viro Cc: Andrey Vagin Cc: David Howells Cc: Oleg Nesterov Signed-off-by: Andrew Morton --- fs/file_table.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/file_table.c b/fs/file_table.c index 485dc0eddd67..3a2bbc5b2cf5 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -313,6 +313,12 @@ void fput(struct file *file) init_task_work(&file->f_u.fu_rcuhead, ____fput); if (!task_work_add(task, &file->f_u.fu_rcuhead, true)) return; + /* + * After this task has run exit_task_work(), + * task_work_add() will fail. free_ipc_ns()-> + * shm_destroy() can do this. Fall through to delayed + * fput to avoid leaking *file. + */ } spin_lock_irqsave(&delayed_fput_lock, flags); list_add(&file->f_u.fu_list, &delayed_fput_list); -- 2.39.5