summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2020-07-17 10:47:51 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2020-07-17 10:47:51 -0700
commit4ebf8d7649cd86c41c41bf48da4b7761da2d5009 (patch)
treea143d3e67b8d516103f2f7190b1e18700c6b4cce
parentc9ea87dc6c3f48a8de02019fe52472a6cdfedd65 (diff)
parent681fda8d27a66f7e65ff7f2d200d7635e64a8d05 (diff)
Merge tag 'io_uring-5.8-2020-07-17' of git://git.kernel.dk/linux-block into master
Pull io_uring fix from Jens Axboe: "Fix for a case where, with automatic buffer selection, we can leak the buffer descriptor for recvmsg" * tag 'io_uring-5.8-2020-07-17' of git://git.kernel.dk/linux-block: io_uring: fix recvmsg memory leak with buffer selection
-rw-r--r--fs/io_uring.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 9fd7e69696c3..74bc4a04befa 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -3845,10 +3845,16 @@ static int io_recvmsg(struct io_kiocb *req, bool force_nonblock)
ret = __sys_recvmsg_sock(sock, &kmsg->msg, req->sr_msg.msg,
kmsg->uaddr, flags);
- if (force_nonblock && ret == -EAGAIN)
- return io_setup_async_msg(req, kmsg);
+ if (force_nonblock && ret == -EAGAIN) {
+ ret = io_setup_async_msg(req, kmsg);
+ if (ret != -EAGAIN)
+ kfree(kbuf);
+ return ret;
+ }
if (ret == -ERESTARTSYS)
ret = -EINTR;
+ if (kbuf)
+ kfree(kbuf);
}
if (kmsg && kmsg->iov != kmsg->fast_iov)