From: Greg Kroah-Hartman Date: Sat, 18 Jul 2020 06:10:28 +0000 (+0200) Subject: 5.7-stable patches X-Git-Tag: v4.4.231~58 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2573f7957fc432dedcd3bf451fe78d580fbf711a;p=thirdparty%2Fkernel%2Fstable-queue.git 5.7-stable patches added patches: io_uring-fix-recvmsg-memory-leak-with-buffer-selection.patch
---
diff --git a/queue-5.7/io_uring-fix-recvmsg-memory-leak-with-buffer-selection.patch b/queue-5.7/io_uring-fix-recvmsg-memory-leak-with-buffer-selection.patch
new file mode 100644
index 00000000000..99d1c4dc613
--- /dev/null
+++ b/queue-5.7/io_uring-fix-recvmsg-memory-leak-with-buffer-selection.patch
@@ -0,0 +1,41 @@
+From 681fda8d27a66f7e65ff7f2d200d7635e64a8d05 Mon Sep 17 00:00:00 2001
+From: Pavel Begunkov
+Date: Wed, 15 Jul 2020 22:20:45 +0300
+Subject: io_uring: fix recvmsg memory leak with buffer selection
+
+From: Pavel Begunkov
+
+commit 681fda8d27a66f7e65ff7f2d200d7635e64a8d05 upstream.
+
+io_recvmsg() doesn't free memory allocated for struct io_buffer. This can
+causes a leak when used with automatic buffer selection.
+
+Signed-off-by: Pavel Begunkov
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/io_uring.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -3884,10 +3884,16 @@ static int io_recvmsg(struct io_kiocb *r
+
+ ret = __sys_recvmsg_sock(sock, &kmsg->msg, req->sr_msg.msg,
+ kmsg->uaddr, flags);
+- if (force_nonblock && ret == -EAGAIN)
+- return io_setup_async_msg(req, kmsg);
++ if (force_nonblock && ret == -EAGAIN) {
++ ret = io_setup_async_msg(req, kmsg);
++ if (ret != -EAGAIN)
++ kfree(kbuf);
++ return ret;
++ }
+ if (ret == -ERESTARTSYS)
+ ret = -EINTR;
++ if (kbuf)
++ kfree(kbuf);
+ }
+
+ if (kmsg && kmsg->iov != kmsg->fast_iov)
diff --git a/queue-5.7/series b/queue-5.7/series
index c3e7c738a3b..71e64e2902e 100644
--- a/queue-5.7/series
+++ b/queue-5.7/series
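Review bot: In the `io_recvmsg()` hunk of the added patch, the new `if (force_nonblock && ret == -EAGAIN)` branch leaves the ownership of `kbuf` undocumented: the buffer is freed only when `io_setup_async_msg()` returns something other than `-EAGAIN`, which presumably means a retry reuses it, but nothing in the hunk says so. A comment such as `/* on -EAGAIN the selected buffer stays with req for the retry; free it only when we give up */` would let a reader check that neither a leak nor a second free is possible; whether the request still holds a pointer to `kbuf` after these `kfree()` calls is not visible here and is worth confirming against the request cleanup path. The two frees are also written inconsistently: `kfree()` accepts NULL, so the `if (kbuf)` guard before the second call can be dropped to match the unguarded first one. `io_recvmsg()` starts and ends outside the hunk, so where `kbuf` is assigned is not shown.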
@@ -72,3 +72,4 @@ net-ethernet-mvneta-do-not-error-out-in-non-serdes-m.patch
 net-ethernet-mvneta-add-back-interface-mode-validati.patch
 scsi-qla2xxx-make-1-bit-bit-fields-unsigned-int.patch
 spi-spi-fsl-dspi-fix-lockup-if-device-is-shutdown-du.patch
+io_uring-fix-recvmsg-memory-leak-with-buffer-selection.patch