From: Jens Axboe <axboe@kernel.dk>
To: io-uring <io-uring@vger.kernel.org>
Subject: [PATCH] io_uring: initialize io_buffer_list head when shared ring is unregistered
Date: Wed, 18 May 2022 14:38:41 -0600 [thread overview]
Message-ID: <6d49f50d-52ca-a12e-8f7e-99db5b97ff9f@kernel.dk> (raw)
We use ->buf_pages != 0 to tell if this is a shared buffer ring or a
classic provided buffer group. If we unregister the shared ring and
then attempt to use it, buf_pages is zero yet the classic list head
isn't properly initialized. This causes io_buffer_select() to think
that we have classic buffers available, but then we crash when we try
and get one from the list.
Just initialize the list if we unregister a shared buffer ring, leaving
it in a sane state for either re-registration or for attempting to use
it.
Fixes: c7fb19428d67 ("io_uring: add support for ring mapped supplied buffers")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
diff --git a/fs/io_uring.c b/fs/io_uring.c
index a210a2c0429d..23d68f8dfc66 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -12200,6 +12200,9 @@ static int io_unregister_pbuf_ring(struct io_ring_ctx *ctx, void __user *arg)
if (bl->bgid >= BGID_ARRAY) {
xa_erase(&ctx->io_bl_xa, bl->bgid);
kfree(bl);
+ } else {
+ /* make sure it's seen as empty */
+ INIT_LIST_HEAD(&bl->buf_list);
}
return 0;
}
--
Jens Axboe
next reply other threads:[~2022-05-18 20:38 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-18 20:38 Jens Axboe [this message]
2022-05-18 20:58 ` [PATCH v2] io_uring: initialize io_buffer_list head when shared ring is unregistered Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6d49f50d-52ca-a12e-8f7e-99db5b97ff9f@kernel.dk \
--to=axboe@kernel.dk \
--cc=io-uring@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.