From: Sasha Levin <sasha.levin@oracle.com>
Date: Tue, 19 Nov 2013 22:33:03 +0000 (-0500)
Subject: aio: nullify aio->ring_pages after freeing it
X-Git-Tag: upstream/snapshot3+hdmi~3821^2~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ddb8c45ba15149ebd41d7586261c05f7ca37f9a1;p=platform%2Fadaptation%2Frenesas_rcar%2Frenesas_kernel.git

aio: nullify aio->ring_pages after freeing it

After freeing ring_pages we leave it as is causing a dangling pointer. This
has already caused an issue so to help catching any issues in the future
NULL it out.

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
---

diff --git a/fs/aio.c b/fs/aio.c
index 6313533..ad460d7 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -196,8 +196,10 @@ static void aio_free_ring(struct kioctx *ctx)
 
 	put_aio_ring_file(ctx);
 
-	if (ctx->ring_pages && ctx->ring_pages != ctx->internal_pages)
+	if (ctx->ring_pages && ctx->ring_pages != ctx->internal_pages) {
 		kfree(ctx->ring_pages);
+		ctx->ring_pages = NULL;
+	}
 }
 
 static int aio_ring_mmap(struct file *file, struct vm_area_struct *vma)