projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b870062)
io_uring/net: fix cleanup after recycle
authorPavel Begunkov <asml.silence@gmail.com>
Mon, 19 Dec 2022 15:11:40 +0000 (15:11 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 31 Dec 2022 12:33:12 +0000 (13:33 +0100)
commit 6c3e8955d4bd9811a6e1761eea412a14fb51a2e6 upstream.

Don't access io_async_msghdr io_netmsg_recycle(), it may be reallocated.

Cc: stable@vger.kernel.org
Fixes: 9bb66906f23e5 ("io_uring: support multishot in recvmsg")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/9e326f4ad4046ddadf15bf34bf3fa58c6372f6b5.1671461985.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
io_uring/net.c patch | blob | history

diff --git a/io_uring/net.c b/io_uring/net.c
index d19763d..bdd2b4e 100644 (file)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -806,10 +806,10 @@ retry_multishot:
                goto retry_multishot;
 
        if (mshot_finished) {
-               io_netmsg_recycle(req, issue_flags);
                /* fast path, check for non-NULL to avoid function call */
                if (kmsg->free_iov)
                        kfree(kmsg->free_iov);
+               io_netmsg_recycle(req, issue_flags);
                req->flags &= ~REQ_F_NEED_CLEANUP;
        }
 
Domain: System / Kernel;