diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2020-07-17 10:47:51 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-07-17 10:47:51 -0700 |
commit | 4ebf8d7649cd86c41c41bf48da4b7761da2d5009 (patch) | |
tree | a143d3e67b8d516103f2f7190b1e18700c6b4cce | |
parent | c9ea87dc6c3f48a8de02019fe52472a6cdfedd65 (diff) | |
parent | 681fda8d27a66f7e65ff7f2d200d7635e64a8d05 (diff) |
Merge tag 'io_uring-5.8-2020-07-17' of git://git.kernel.dk/linux-block into master
Pull io_uring fix from Jens Axboe:
"Fix for a case where, with automatic buffer selection, we can leak the
buffer descriptor for recvmsg"
* tag 'io_uring-5.8-2020-07-17' of git://git.kernel.dk/linux-block:
io_uring: fix recvmsg memory leak with buffer selection
-rw-r--r-- | fs/io_uring.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c index 9fd7e69696c3..74bc4a04befa 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3845,10 +3845,16 @@ static int io_recvmsg(struct io_kiocb *req, bool force_nonblock) ret = __sys_recvmsg_sock(sock, &kmsg->msg, req->sr_msg.msg, kmsg->uaddr, flags); - if (force_nonblock && ret == -EAGAIN) - return io_setup_async_msg(req, kmsg); + if (force_nonblock && ret == -EAGAIN) { + ret = io_setup_async_msg(req, kmsg); + if (ret != -EAGAIN) + kfree(kbuf); + return ret; + } if (ret == -ERESTARTSYS) ret = -EINTR; + if (kbuf) + kfree(kbuf); } if (kmsg && kmsg->iov != kmsg->fast_iov) |