
From: Al Viro <viro@zeniv.linux.org.uk> mainline inclusion from mainline-v6.13-rc1 commit 1fa4ffd8e6f6d001da27f00382af79bad0336091 category: cleanup bugzilla: https://gitee.com/openeuler/kernel/issues/ICD3KI CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... ---------------------------------------------------------------------- At that point nobody else has references to the victim files_struct; as the matter of fact, the caller will free it immediately after close_files() returns, with no RCU delays or anything of that sort. That's why we are not protecting against fdtable reallocation on expansion, not cleaning the bitmaps, etc. There's no point zeroing the pointers in ->fd[] either, let alone make that an atomic operation. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> --- fs/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/file.c b/fs/file.c index b5780c9e0098..c37c958514e7 100644 --- a/fs/file.c +++ b/fs/file.c @@ -426,7 +426,7 @@ static struct fdtable *close_files(struct files_struct * files) set = fdt->open_fds[j++]; while (set) { if (set & 1) { - struct file * file = xchg(&fdt->fd[i], NULL); + struct file *file = fdt->fd[i]; if (file) { files_cg_unalloc_fd(files, 1); filp_close(file, files); -- 2.20.1
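Review bot: The plain load `struct file *file = fdt->fd[i];` in close_files() is safe only under the invariant given in the commit message (nobody else holds a reference to the files_struct, and the caller frees it right after close_files() returns), and nothing in the code records that invariant. With the xchg() gone, every slot in ->fd[] still points at its file after filp_close(file, files) has run, so any future caller that reaches this loop while the table is still reachable would see stale pointers. I would add a short comment above the loop stating that the caller must hold the last reference and that ->fd[] is deliberately left uncleared. Also, the context in this tree calls files_cg_unalloc_fd(files, 1) between the load and filp_close(); it is passed only files and a count here, but it is worth confirming that it does not inspect ->fd[] or rely on the slot being NULL before taking the change as a pure cleanup.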