]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
projects / thirdparty / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c8a3e63)
lib/iov_iter: fix import_iovec_ubuf iovec management
authorPavel Begunkov <asml.silence@gmail.com>
Fri, 31 Jan 2025 14:13:15 +0000 (14:13 +0000)
committerAndrew Morton <akpm@linux-foundation.org>
Tue, 18 Feb 2025 06:40:00 +0000 (22:40 -0800)
import_iovec() says that it should always be fine to kfree the iovec
returned in @iovp regardless of the error code.  __import_iovec_ubuf()
never reallocates it and thus should clear the pointer even in cases when
copy_iovec_*() fail.

Link: https://lkml.kernel.org/r/378ae26923ffc20fd5e41b4360d673bf47b1775b.1738332461.git.asml.silence@gmail.com
Fixes: 3b2deb0e46da ("iov_iter: import single vector iovecs as ITER_UBUF")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
lib/iov_iter.c patch | blob | blame | history

diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 9ec806f989f258701cd30fada31204b15b578c9d..65f550cb5081b9e2e724d19c0de812a8f4230297 100644 (file)
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -1428,6 +1428,8 @@ static ssize_t __import_iovec_ubuf(int type, const struct iovec __user *uvec,
        struct iovec *iov = *iovp;
        ssize_t ret;
 
+       *iovp = NULL;
+
        if (compat)
                ret = copy_compat_iovec_from_user(iov, uvec, 1);
        else
@@ -1438,7 +1440,6 @@ static ssize_t __import_iovec_ubuf(int type, const struct iovec __user *uvec,
        ret = import_ubuf(type, iov->iov_base, iov->iov_len, i);
        if (unlikely(ret))
                return ret;
-       *iovp = NULL;
        return i->count;
 }
 
A mirror of Linus' kernel repository