diff options
author | Pavel Begunkov <asml.silence@gmail.com> | 2021-02-17 22:02:36 +0100 |
---|---|---|
committer | Jens Axboe <axboe@kernel.dk> | 2021-02-17 22:27:51 +0100 |
commit | fe1cdd558619546f76643878e7aa521c32d52131 (patch) | |
tree | 805a7ade79b60cb174a724b95460e594de4c9360 /fs/io_uring.c | |
parent | io_uring: tctx->task_lock should be IRQ safe (diff) | |
download | linux-fe1cdd558619546f76643878e7aa521c32d52131.tar.xz linux-fe1cdd558619546f76643878e7aa521c32d52131.zip |
io_uring: fix read memory leak
Don't forget to free iovec read inline completion and bunch of other
cases that do "goto done" before setting up an async context.
Fixes: 5ea5dd45844d ("io_uring: inline io_read()'s iovec freeing")
Reported-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'fs/io_uring.c')
-rw-r--r-- | fs/io_uring.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c index 58dd10481106..4352bcea3d9d 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3602,10 +3602,7 @@ static int io_read(struct io_kiocb *req, unsigned int issue_flags) ret = io_iter_do_read(req, iter); if (ret == -EIOCBQUEUED) { - /* it's faster to check here then delegate to kfree */ - if (iovec) - kfree(iovec); - return 0; + goto out_free; } else if (ret == -EAGAIN) { /* IOPOLL retry should happen for io-wq threads */ if (!force_nonblock && !(req->ctx->flags & IORING_SETUP_IOPOLL)) @@ -3626,6 +3623,7 @@ static int io_read(struct io_kiocb *req, unsigned int issue_flags) if (ret2) return ret2; + iovec = NULL; rw = req->async_data; /* now use our persistent iterator, if we aren't already */ iter = &rw->iter; @@ -3652,6 +3650,10 @@ static int io_read(struct io_kiocb *req, unsigned int issue_flags) } while (ret > 0 && ret < io_size); done: kiocb_done(kiocb, ret, issue_flags); +out_free: + /* it's faster to check here then delegate to kfree */ + if (iovec) + kfree(iovec); return 0; } |