io_uring: Fix corrupted user_data
author Pavel Begunkov <asml.silence@gmail.com>
Fri, 25 Oct 2019 09:31:29 +0000 (12:31 +0300)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 29 Oct 2019 08:22:04 +0000 (09:22 +0100)
commit 84d55dc5b9e57b513a702fbc358e1b5489651590 upstream.

There is a bug, where failed linked requests are returned not with
specified @user_data, but with garbage from a kernel stack.

The reason is that io_fail_links() uses req->user_data, which is
uninitialised when called from io_queue_sqe() on fail path.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/io_uring.c

index 8a7a49ba4da6f49986ec08f1de84702ddb846368..79f9c9f7b298ea2840027ea36bc17d8c35d7c608 100644 (file)
@@ -2157,6 +2157,8 @@ static void io_submit_sqe(struct io_ring_ctx *ctx, struct sqe_submit *s,
                return;
        }
 
+       req->user_data = s->sqe->user_data;
+
        /*
         * If we already have a head request, queue this one for async
         * submittal once the head completes. If we don't have a head but
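Review bot: The added `req->user_data = s->sqe->user_data;` sits after the early `return;` visible in the context above it, so this hunk only covers failures from this point onward. If the path that returns early can also post a completion or fail links for req, it would still read an unset user_data. Consider assigning the field where req is first set up from the sqe, or add a one-line comment stating that it must be assigned before the link handling below because the link-failure path reads it. Since the commit message describes the stale value as kernel stack data returned to user space, a Fixes: tag naming the commit that introduced the uninitialised read would also make the backport scope clear.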