asedeno.scripts.mit.edu Git - linux.git/commit

]> asedeno.scripts.mit.edu Git - linux.git/commit

author	Pavel Begunkov <asml.silence@gmail.com>
	Tue, 18 Feb 2020 21:19:09 +0000 (00:19 +0300)
committer	Jens Axboe <axboe@kernel.dk>
	Wed, 19 Feb 2020 00:12:23 +0000 (17:12 -0700)
commit	929a3af90f0f4bd7132d83552c1a98c83f60ef7e
tree	0d485e68f97162440e341abbafc3aa268b7fcd0b	tree \| snapshot
parent	297a31e3e8318f533cff4fe33ffaefb74f72c6e2	commit \| diff

io_uring: fix use-after-free by io_cleanup_req()

io_cleanup_req() should be called before req->io is freed, and so
shouldn't be after __io_free_req() -> __io_req_aux_free(). Also,
it will be ignored for in io_free_req_many(), which use
__io_req_aux_free().

Place cleanup_req() into __io_req_aux_free().

Fixes: 99bc4c38537d774 ("io_uring: fix iovec leaks")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

fs/io_uring.c

diff | blob | history

local clone of linux.git

RSS Atom