On 5/5/20 2:28 AM, Xiaoguang Wang wrote:
> If copy_to_user() in io_uring_setup() failed, we'll leak many kernel
> resources, which will be recycled until process terminates. This bug
> can be reproduced by using mprotect to set params to PROT_READ. To fix
> this issue, refactor io_uring_create() a bit to add a new 'struct
> io_uring_params __user *params' parameter and move the copy_to_user()
> in io_uring_setup() to io_uring_setup(), if copy_to_user() failed,
> we can free kernel resource properly.

Applied, thanks!

-- 
Jens Axboe
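
Added example, not part of the original thread or of the kernel tree: a regression check for the failure path the quoted commit message describes. It passes io_uring_setup() a read-only params page and compares the number of open descriptors before and after the failed call. The fallback syscall number 425, the entry count 4, and the idea that the leak shows up as an extra open descriptor are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_io_uring_setup
#define SYS_io_uring_setup 425 /* assumption: used only if libc headers lack it */
#endif

/* Count open descriptors in the low range by probing each one. */
static int count_open_fds(void)
{
    int n = 0;
    for (int fd = 0; fd < 1024; fd++)
        if (fcntl(fd, F_GETFD) != -1)
            n++;
    return n;
}

/* Returns the number of descriptors left behind by a setup call that failed
 * with EFAULT (0 on a fixed kernel), or -1 if the check is inconclusive. */
int failed_setup_leaked_fds(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    /* A zero-filled page stands in for struct io_uring_params (constructed). */
    void *params = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (params == MAP_FAILED || mprotect(params, pagesz, PROT_READ) != 0)
        return -1;

    int before = count_open_fds();
    long ret = syscall(SYS_io_uring_setup, 4, params);
    int err = errno; /* save before the fcntl() probes overwrite it */
    int after = count_open_fds();

    if (ret >= 0)
        close((int)ret);
    munmap(params, pagesz);
    /* Only an EFAULT failure exercises the copy_to_user() error path. */
    return (ret < 0 && err == EFAULT) ? after - before : -1;
}

int main(void)
{
    printf("leaked descriptors: %d\n", failed_setup_leaked_fds());
    return 0;
}
```

A result of -1 means the call did not fail with EFAULT (for example, io_uring is disabled or filtered), so nothing can be concluded about the leak.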