Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

io_uring/net: ensure vectored buffer node import is tied to notification

When support for vectored registered buffers was added, the import
itself is using 'req' rather than the notification io_kiocb, sr->notif.
For non-vectored imports, sr->notif is correctly used. This is important
as the lifetime of the two may be different. Use the correct io_kiocb
for the vectored buffer import.

Cc: stable@vger.kernel.org
Fixes: 23371eac7d9a ("io_uring/net: implement vectored reg bufs for zctx")
Reported-by: Google Big Sleep <big-sleep-vuln-reports+bigsleep-463332873@google.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

+4 -2
io_uring/net.c
··· 1532 1532 unsigned uvec_segs = kmsg->msg.msg_iter.nr_segs; 1533 1533 int ret; 1534 1534 1535 - ret = io_import_reg_vec(ITER_SOURCE, &kmsg->msg.msg_iter, req, 1536 - &kmsg->vec, uvec_segs, issue_flags); 1535 + sr->notif->buf_index = req->buf_index; 1536 + ret = io_import_reg_vec(ITER_SOURCE, &kmsg->msg.msg_iter, 1537 + sr->notif, &kmsg->vec, uvec_segs, 1538 + issue_flags); 1537 1539 if (unlikely(ret)) 1538 1540 return ret; 1539 1541 req->flags &= ~REQ_F_IMPORT_BUFFER;
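Review bot: The added assignment `sr->notif->buf_index = req->buf_index;` just before the `io_import_reg_vec()` call has no comment, and the call site alone does not show why the notification needs its own copy of the index. A short comment there, saying the buffer node is imported against `sr->notif` because its lifetime may differ from that of `req` (as the commit message states), would keep a later cleanup from switching the argument back to `req`. It would also help to confirm in the changelog that clearing `REQ_F_IMPORT_BUFFER` on `req` in the context line after the call is still intended now that the import is done against `sr->notif`.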