Merge tag 'io_uring-5.8-2020-07-17' of git://git.kernel.dk/linux-block into master

Pull io_uring fix from Jens Axboe: "Fix for a case where, with automatic buffer selection, we can leak the buffer descriptor for recvmsg" * tag 'io_uring-5.8-2020-07-17' of git://git.kernel.dk/linux-block: io_uring: fix recvmsg memory leak with buffer selection
author: Linus Torvalds 2020-07-17 10:47:51 -0700
committer: Linus Torvalds 2020-07-17 10:47:51 -0700
commit: 4ebf8d7649cd86c41c41bf48da4b7761da2d5009 (patch)
tree: a143d3e67b8d516103f2f7190b1e18700c6b4cce
parent: c9ea87dc6c3f48a8de02019fe52472a6cdfedd65 (diff)
parent: 681fda8d27a66f7e65ff7f2d200d7635e64a8d05 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 9fd7e69696c3..74bc4a04befa 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -3845,10 +3845,16 @@ static int io_recvmsg(struct io_kiocb *req, bool force_nonblock)
 
 		ret = __sys_recvmsg_sock(sock, &kmsg->msg, req->sr_msg.msg,
 						kmsg->uaddr, flags);
-		if (force_nonblock && ret == -EAGAIN)
-			return io_setup_async_msg(req, kmsg);
+		if (force_nonblock && ret == -EAGAIN) {
+			ret = io_setup_async_msg(req, kmsg);
+			if (ret != -EAGAIN)
+				kfree(kbuf);
+			return ret;
+		}
 		if (ret == -ERESTARTSYS)
 			ret = -EINTR;
+		if (kbuf)
+			kfree(kbuf);
 	}
 
 	if (kmsg && kmsg->iov != kmsg->fast_iov)
author	Linus Torvalds	2020-07-17 10:47:51 -0700
committer	Linus Torvalds	2020-07-17 10:47:51 -0700
commit	4ebf8d7649cd86c41c41bf48da4b7761da2d5009 (patch)
tree	a143d3e67b8d516103f2f7190b1e18700c6b4cce
parent	c9ea87dc6c3f48a8de02019fe52472a6cdfedd65 (diff)
parent	681fda8d27a66f7e65ff7f2d200d7635e64a8d05 (diff)