From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jeff Moyer <jmoyer@redhat.com>
Subject: Re: [PATCH 0/4] Fix possible use after free with AIO
Date: Wed, 23 Jan 2013 11:03:03 -0500
Message-ID: <x498v7jyjig.fsf@segfault.boston.devel.redhat.com>
References: <1358945780-23661-1-git-send-email-jack@suse.cz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: linux-fsdevel@vger.kernel.org, tytso@mit.edu, bpm@sgi.com,
	jlbec@evilplan.org
To: Jan Kara <jack@suse.cz>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:30802 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1756434Ab3AWQEO (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Wed, 23 Jan 2013 11:04:14 -0500
In-Reply-To: <1358945780-23661-1-git-send-email-jack@suse.cz> (Jan Kara's
	message of "Wed, 23 Jan 2013 13:56:16 +0100")
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

Jan Kara <jack@suse.cz> writes:

>   Hi,
>
>   when simplifying ext4 IO completion code I realized that the only 
> thing pinning inode while AIO is running is file reference from kiocb. 
> Thus once aio_complete() is called, inode can be freed. So calling
> inode_dio_complete() after aio_complete() is possibly modifying
> already freed inode (although practically the race window is tiny).
>
> This patch series fixes all the problematic sites. Patches are 
> completely independent so each of them can go through the respective 
> maintainer. 

for the series:

Acked-by: Jeff Moyer <jmoyer@redhat.com>