From 1ee33c8f36acaea07db17aa1748b6628eb1fa453 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sun, 16 Oct 2022 09:09:56 +0200 Subject: [PATCH] 5.15-stable patches added patches: io_uring-net-don-t-update-msg_name-if-not-provided.patch io_uring-rw-fix-unexpected-link-breakage.patch --- ...on-t-update-msg_name-if-not-provided.patch | 33 ++++++++++++++++ ...ring-rw-fix-unexpected-link-breakage.patch | 38 +++++++++++++++++++ queue-5.15/series | 2 + 3 files changed, 73 insertions(+) create mode 100644 queue-5.15/io_uring-net-don-t-update-msg_name-if-not-provided.patch create mode 100644 queue-5.15/io_uring-rw-fix-unexpected-link-breakage.patch diff --git a/queue-5.15/io_uring-net-don-t-update-msg_name-if-not-provided.patch b/queue-5.15/io_uring-net-don-t-update-msg_name-if-not-provided.patch new file mode 100644 index 00000000000..ab547ba6c75 --- /dev/null +++ b/queue-5.15/io_uring-net-don-t-update-msg_name-if-not-provided.patch @@ -0,0 +1,33 @@ +From 6f10ae8a155446248055c7ddd480ef40139af788 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Thu, 29 Sep 2022 22:23:18 +0100 +Subject: io_uring/net: don't update msg_name if not provided + +From: Pavel Begunkov + +commit 6f10ae8a155446248055c7ddd480ef40139af788 upstream. + +io_sendmsg_copy_hdr() may clear msg->msg_name if the userspace didn't +provide it, we should retain NULL in this case. + +Cc: stable@vger.kernel.org +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/97d49f61b5ec76d0900df658cfde3aa59ff22121.1664486545.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + fs/io_uring.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -4763,7 +4763,8 @@ static int io_setup_async_msg(struct io_ + async_msg = req->async_data; + req->flags |= REQ_F_NEED_CLEANUP; + memcpy(async_msg, kmsg, sizeof(*kmsg)); +- async_msg->msg.msg_name = &async_msg->addr; ++ if (async_msg->msg.msg_name) ++ async_msg->msg.msg_name = &async_msg->addr; + /* if were using fast_iov, set it to the new one */ + if (!async_msg->free_iov) + async_msg->msg.msg_iter.iov = async_msg->fast_iov; diff --git a/queue-5.15/io_uring-rw-fix-unexpected-link-breakage.patch b/queue-5.15/io_uring-rw-fix-unexpected-link-breakage.patch new file mode 100644 index 00000000000..a5201fbf1ea --- /dev/null +++ b/queue-5.15/io_uring-rw-fix-unexpected-link-breakage.patch @@ -0,0 +1,38 @@ +From bf68b5b34311ee57ed40749a1257a30b46127556 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Tue, 27 Sep 2022 00:44:39 +0100 +Subject: io_uring/rw: fix unexpected link breakage + +From: Pavel Begunkov + +commit bf68b5b34311ee57ed40749a1257a30b46127556 upstream. + +req->cqe.res is set in io_read() to the amount of bytes left to be done, +which is used to figure out whether to fail a read or not. However, +io_read() may do another without returning, and we stash the previous +value into ->bytes_done but forget to update cqe.res. Then we ask a read +to do strictly less than cqe.res but expect the return to be exactly +cqe.res. + +Fix the bug by updating cqe.res for retries. + +Cc: stable@vger.kernel.org +Reported-and-Tested-by: Beld Zhang +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/3a1088440c7be98e5800267af922a67da0ef9f13.1664235732.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + fs/io_uring.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -3600,6 +3600,7 @@ static int io_read(struct io_kiocb *req, + return -EAGAIN; + } + ++ req->cqe.res = iov_iter_count(&s->iter); + /* + * Now retry read with the IOCB_WAITQ parts set in the iocb. If + * we get -EIOCBQUEUED, then we'll get a notification when the diff --git a/queue-5.15/series b/queue-5.15/series index f82d22908a9..d23ea8575cc 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -8,3 +8,5 @@ alsa-hda-realtek-correct-pin-configs-for-asus-g533z.patch alsa-hda-realtek-add-quirk-for-asus-gv601r-laptop.patch alsa-hda-realtek-add-intel-reference-ssid-to-support-headset-keys.patch mtd-rawnand-atmel-unmap-streaming-dma-mappings.patch +io_uring-rw-fix-unexpected-link-breakage.patch +io_uring-net-don-t-update-msg_name-if-not-provided.patch -- 2.47.3