From: Greg Kroah-Hartman Date: Mon, 25 Apr 2022 15:48:18 +0000 (+0200) Subject: 5.17-stable patches X-Git-Tag: v4.9.312~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=420fe5562cbddca1e6dfac1efc378c61a3b44560;p=thirdparty%2Fkernel%2Fstable-queue.git 5.17-stable patches added patches: io_uring-fix-leaks-on-iopoll-and-cqe_skip.patch --- diff --git a/queue-5.17/io_uring-fix-leaks-on-iopoll-and-cqe_skip.patch b/queue-5.17/io_uring-fix-leaks-on-iopoll-and-cqe_skip.patch new file mode 100644 index 00000000000..c311df973fd --- /dev/null +++ b/queue-5.17/io_uring-fix-leaks-on-iopoll-and-cqe_skip.patch 
@@ -0,0 +1,42 @@ +From c0713540f6d55c53dca65baaead55a5a8b20552d Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Sun, 17 Apr 2022 10:10:34 +0100 +Subject: io_uring: fix leaks on IOPOLL and CQE_SKIP + +From: Pavel Begunkov + +commit c0713540f6d55c53dca65baaead55a5a8b20552d upstream. + +If all completed requests in io_do_iopoll() were marked with +REQ_F_CQE_SKIP, we'll not only skip CQE posting but also +io_free_batch_list() leaking memory and resources. + +Move @nr_events increment before REQ_F_CQE_SKIP check. We'll potentially +return the value greater than the real one, but iopolling will deal with +it and the userspace will re-iopoll if needed. In anyway, I don't think +there are many use cases for REQ_F_CQE_SKIP + IOPOLL. + +Fixes: 83a13a4181b0e ("io_uring: tweak iopoll CQE_SKIP event counting") +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/5072fc8693fbfd595f89e5d4305bfcfd5d2f0a64.1650186611.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + fs/io_uring.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -2612,11 +2612,10 @@ static int io_do_iopoll(struct io_ring_c + /* order with io_complete_rw_iopoll(), e.g. ->result updates */ + if (!smp_load_acquire(&req->iopoll_completed)) + break; ++ nr_events++; + if (unlikely(req->flags & REQ_F_CQE_SKIP)) + continue; +- + __io_fill_cqe(ctx, req->user_data, req->result, io_put_kbuf(req)); +- nr_events++; + } + + if (unlikely(!nr_events)) diff --git a/queue-5.17/series b/queue-5.17/series index 5510093a86e..bd303005e76 100644 --- a/queue-5.17/series +++ b/queue-5.17/series 
@@ -142,3 +142,4 @@ ext4-update-the-cached-overhead-value-in-the-superblock.patch jbd2-fix-a-potential-race-while-discarding-reserved-buffers-after-an-abort.patch spi-atmel-quadspi-fix-the-buswidth-adjustment-between-spi-mem-and-controller.patch asoc-sof-topology-cleanup-dailinks-on-widget-unload.patch +io_uring-fix-leaks-on-iopoll-and-cqe_skip.patch
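Review bot: in the io_do_iopoll() hunk of fs/io_uring.c, the relocated `nr_events++` sits above the `REQ_F_CQE_SKIP` check with no comment, so the counter now means "requests completed" rather than "CQEs posted" and nothing in the code says so. The Fixes: tag shows this counting was already adjusted once by 83a13a4181b0e, and a later cleanup could just as easily move the increment back next to `__io_fill_cqe()` and reintroduce the leak. Suggest a one-line comment at the increment stating that CQE_SKIP requests must still be counted so that the `if (unlikely(!nr_events))` check after the loop is not satisfied while completed requests are still waiting for io_free_batch_list(), which is the failure the commit message describes. The commit message also accepts that the returned value can exceed the real number of posted events; that deserves a note in the code too, so a reader of the function does not treat the count as exact.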