* [PATCH 1/1] lib/iov_iter: fix import_iovec_ubuf iovec management
@ 2025-01-31 14:13 Pavel Begunkov
2025-01-31 14:29 ` Jens Axboe
2025-01-31 16:06 ` Pavel Begunkov
0 siblings, 2 replies; 4+ messages in thread
From: Pavel Begunkov @ 2025-01-31 14:13 UTC
To: Alexander Viro, linux-kernel
Cc: Christian Brauner, Jens Axboe, Andrew Morton, asml.silence
import_iovec() says that it should always be fine to kfree the iovec
returned in @iovp regardless of the error code. __import_iovec_ubuf()
never reallocates it and thus should clear the pointer even in cases
when copy_iovec_*() fail.
Cc: stable@vger.kernel.org
Fixes: 3b2deb0e46da9 ("iov_iter: import single vector iovecs as ITER_UBUF")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
---
lib/iov_iter.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 9ec806f989f25..65f550cb5081b 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -1428,6 +1428,8 @@ static ssize_t __import_iovec_ubuf(int type, const struct iovec __user *uvec,
struct iovec *iov = *iovp;
ssize_t ret;
+ *iovp = NULL;
+
if (compat)
ret = copy_compat_iovec_from_user(iov, uvec, 1);
else
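Review bot: the new `*iovp = NULL;` at the top of __import_iovec_ubuf() relies on `struct iovec *iov = *iovp;` having already captured the caller's buffer, and nothing in the code says so or says why the pointer is cleared before the copy. A short comment above the store would help, for example that this path never allocates, so the caller must see NULL on every return and has nothing to kfree. That keeps a later cleanup from moving the store back below the error returns or above the `iov` load.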
@@ -1438,7 +1440,6 @@ static ssize_t __import_iovec_ubuf(int type, const struct iovec __user *uvec,
ret = import_ubuf(type, iov->iov_base, iov->iov_len, i);
if (unlikely(ret))
return ret;
- *iovp = NULL;
return i->count;
}
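Review bot: the changelog names only the copy_iovec_*() failure, but the `if (unlikely(ret)) return ret;` after import_ubuf() in this hunk also sat above the removed `*iovp = NULL;`, so that error return left the pointer set as well. Consider mentioning the import_ubuf() failure path in the commit message so the description used for the stable backport covers both early returns.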
--
2.47.1
* Re: [PATCH 1/1] lib/iov_iter: fix import_iovec_ubuf iovec management
From: Jens Axboe @ 2025-01-31 14:29 UTC
To: Pavel Begunkov, Alexander Viro, linux-kernel
Cc: Christian Brauner, Andrew Morton
On 1/31/25 7:13 AM, Pavel Begunkov wrote:
> import_iovec() says that it should always be fine to kfree the iovec
> returned in @iovp regardless of the error code. __import_iovec_ubuf()
> never reallocates it and thus should clear the pointer even in cases
> when copy_iovec_*() fail.
Looks good to me:
Reviewed-by: Jens Axboe <axboe@kernel.dk>
--
Jens Axboe
* Re: [PATCH 1/1] lib/iov_iter: fix import_iovec_ubuf iovec management
From: Pavel Begunkov @ 2025-01-31 16:06 UTC
To: Alexander Viro, linux-kernel; +Cc: Christian Brauner, Jens Axboe, Andrew Morton
On 1/31/25 14:13, Pavel Begunkov wrote:
> import_iovec() says that it should always be fine to kfree the iovec
> returned in @iovp regardless of the error code. __import_iovec_ubuf()
> never reallocates it and thus should clear the pointer even in cases
> when copy_iovec_*() fail.
To be fair, all callers I checked don't look at the returned iovec
if import_iovec*() fails, but I didn't track down all of them.
--
Pavel Begunkov
* Re: [PATCH 1/1] lib/iov_iter: fix import_iovec_ubuf iovec management
From: Jens Axboe @ 2025-01-31 16:12 UTC
To: Pavel Begunkov, Alexander Viro, linux-kernel
Cc: Christian Brauner, Andrew Morton
On 1/31/25 9:06 AM, Pavel Begunkov wrote:
> On 1/31/25 14:13, Pavel Begunkov wrote:
>> import_iovec() says that it should always be fine to kfree the iovec
>> returned in @iovp regardless of the error code. __import_iovec_ubuf()
>> never reallocates it and thus should clear the pointer even in cases
>> when copy_iovec_*() fail.
>
> To be fair, all callers I checked don't look at the returned iovec
> if import_iovec*() fails, but I didn't track down all of them.
Yep I also checked too and didn't spot any issues from this, but it's
still prudent to clean it up.
--
Jens Axboe