Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

io_uring/kbuf: fix missing BUF_MORE for incremental buffers at EOF

For a zero length transfer, io_kbuf_inc_commit() is called with !len.
Since we never enter the while loop to consume the buffers,
io_kbuf_inc_commit() ends up returning true, consuming the buffer. But
if no data was consumed, by definition it cannot have consumed the
buffer. Return false for that case.

Reported-by: Martin Michaelis <code@mgjm.de>
Cc: stable@vger.kernel.org
Fixes: ae98dbf43d75 ("io_uring/kbuf: add support for incremental buffer consumption")
Link: https://github.com/axboe/liburing/issues/1553
Signed-off-by: Jens Axboe <axboe@kernel.dk>

+4
io_uring/kbuf.c
··· 34 34 35 35 static bool io_kbuf_inc_commit(struct io_buffer_list *bl, int len) 36 36 { 37 + /* No data consumed, return false early to avoid consuming the buffer */ 38 + if (!len) 39 + return false; 40 + 37 41 while (len) { 38 42 struct io_uring_buf *buf; 39 43 u32 buf_len, this_len;
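Review bot: the new early return at the top of io_kbuf_inc_commit() covers only len == 0, but len is a signed int and the loop below it is `while (len)`, so a negative value would still enter the loop. If callers already filter negative lengths before calling in, note that in the comment; otherwise decide explicitly what a negative len should return here. The comment could also say what the false return means to the caller (per the subject line, it is what lets the completion carry BUF_MORE), since "avoid consuming the buffer" alone does not explain why the return value matters.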