Commit d3f05a4c authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'io_uring-6.3-2023-04-06' of git://git.kernel.dk/linux

Pull io_uring fixes from Jens Axboe:
 "Just two minor fixes for provided buffers - one where we could
  potentially leak a buffer, and one where the returned values was
  off-by-one in some cases"

* tag 'io_uring-6.3-2023-04-06' of git://git.kernel.dk/linux:
  io_uring: fix memory leak when removing provided buffers
  io_uring: fix return value when removing provided buffers
parents 973ad544 b4a72c05
...@@ -2789,8 +2789,8 @@ static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx) ...@@ -2789,8 +2789,8 @@ static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx)
io_eventfd_unregister(ctx); io_eventfd_unregister(ctx);
io_alloc_cache_free(&ctx->apoll_cache, io_apoll_cache_free); io_alloc_cache_free(&ctx->apoll_cache, io_apoll_cache_free);
io_alloc_cache_free(&ctx->netmsg_cache, io_netmsg_cache_free); io_alloc_cache_free(&ctx->netmsg_cache, io_netmsg_cache_free);
mutex_unlock(&ctx->uring_lock);
io_destroy_buffers(ctx); io_destroy_buffers(ctx);
mutex_unlock(&ctx->uring_lock);
if (ctx->sq_creds) if (ctx->sq_creds)
put_cred(ctx->sq_creds); put_cred(ctx->sq_creds);
if (ctx->submitter_task) if (ctx->submitter_task)
......
...@@ -228,17 +228,18 @@ static int __io_remove_buffers(struct io_ring_ctx *ctx, ...@@ -228,17 +228,18 @@ static int __io_remove_buffers(struct io_ring_ctx *ctx,
return i; return i;
} }
/* the head kbuf is the list itself */ /* protects io_buffers_cache */
lockdep_assert_held(&ctx->uring_lock);
while (!list_empty(&bl->buf_list)) { while (!list_empty(&bl->buf_list)) {
struct io_buffer *nxt; struct io_buffer *nxt;
nxt = list_first_entry(&bl->buf_list, struct io_buffer, list); nxt = list_first_entry(&bl->buf_list, struct io_buffer, list);
list_del(&nxt->list); list_move(&nxt->list, &ctx->io_buffers_cache);
if (++i == nbufs) if (++i == nbufs)
return i; return i;
cond_resched(); cond_resched();
} }
i++;
return i; return i;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment