5.7-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 18 Jul 2020 06:10:28 +0000 (08:10 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 18 Jul 2020 06:10:28 +0000 (08:10 +0200)
added patches:
io_uring-fix-recvmsg-memory-leak-with-buffer-selection.patch

queue-5.7/io_uring-fix-recvmsg-memory-leak-with-buffer-selection.patch [new file with mode: 0644]
queue-5.7/series

diff --git a/queue-5.7/io_uring-fix-recvmsg-memory-leak-with-buffer-selection.patch b/queue-5.7/io_uring-fix-recvmsg-memory-leak-with-buffer-selection.patch
new file mode 100644 (file)
index 0000000..99d1c4d
--- /dev/null
@@ -0,0 +1,41 @@
+From 681fda8d27a66f7e65ff7f2d200d7635e64a8d05 Mon Sep 17 00:00:00 2001
+From: Pavel Begunkov <asml.silence@gmail.com>
+Date: Wed, 15 Jul 2020 22:20:45 +0300
+Subject: io_uring: fix recvmsg memory leak with buffer selection
+
+From: Pavel Begunkov <asml.silence@gmail.com>
+
+commit 681fda8d27a66f7e65ff7f2d200d7635e64a8d05 upstream.
+
+io_recvmsg() doesn't free memory allocated for struct io_buffer. This can
+causes a leak when used with automatic buffer selection.
+
+Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/io_uring.c |   10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -3884,10 +3884,16 @@ static int io_recvmsg(struct io_kiocb *r
+               ret = __sys_recvmsg_sock(sock, &kmsg->msg, req->sr_msg.msg,
+                                               kmsg->uaddr, flags);
+-              if (force_nonblock && ret == -EAGAIN)
+-                      return io_setup_async_msg(req, kmsg);
++              if (force_nonblock && ret == -EAGAIN) {
++                      ret = io_setup_async_msg(req, kmsg);
++                      if (ret != -EAGAIN)
++                              kfree(kbuf);
++                      return ret;
++              }
+               if (ret == -ERESTARTSYS)
+                       ret = -EINTR;
++              if (kbuf)
++                      kfree(kbuf);
+       }
+       if (kmsg && kmsg->iov != kmsg->fast_iov)
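Review bot: The added `if (kbuf) kfree(kbuf);` at the end of the recvmsg branch has a NULL guard that kfree() does not need, and it is inconsistent with the unguarded `kfree(kbuf)` in the -EAGAIN branch a few lines above; a plain `kfree(kbuf);` in both places would be cleaner. More important for a backport, neither free clears whatever reference the request keeps to the selected buffer. The hunk does not show where kbuf is stored or how it is marked as selected, so confirm against the 5.7 tree that no later cleanup or retry path can use or free it again. A short comment on the first free, such as `/* kbuf stays allocated only when the request will be retried (-EAGAIN) */`, would document the ownership rule this fix relies on. io_recvmsg() starts and ends outside the hunk.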
index c3e7c738a3bee3b8320ab853fe084d637664c480..71e64e2902e1571254217cf4cd9fb84825f92c02 100644 (file)
@@ -72,3 +72,4 @@ net-ethernet-mvneta-do-not-error-out-in-non-serdes-m.patch
 net-ethernet-mvneta-add-back-interface-mode-validati.patch
 scsi-qla2xxx-make-1-bit-bit-fields-unsigned-int.patch
 spi-spi-fsl-dspi-fix-lockup-if-device-is-shutdown-du.patch
+io_uring-fix-recvmsg-memory-leak-with-buffer-selection.patch