On Sun, 2022-05-01 at 14:56 -0600, Jens Axboe wrote:
> There's no point in having callers provide a kbuf, we're just
> returning
> the address anyway.
>
> Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
> ---
> fs/io_uring.c | 42 ++++++++++++++++++------------------------
> 1 file changed, 18 insertions(+), 24 deletions(-)
>
...
> @@ -6013,10 +6006,11 @@ static int io_recv(struct io_kiocb *req,
> unsigned int issue_flags)
> return -ENOTSOCK;
>
> if (req->flags & REQ_F_BUFFER_SELECT) {
> - kbuf = io_buffer_select(req, &sr->len, sr->bgid,
> issue_flags);
> - if (IS_ERR(kbuf))
> - return PTR_ERR(kbuf);
> - buf = u64_to_user_ptr(kbuf->addr);
> + void __user *buf;
this now shadows the outer buf, and so does not work at all as the buf
value is lost.
A bit surprised this did not show up in any tests.
> +
> + buf = io_buffer_select(req, &sr->len, sr->bgid,
> issue_flags);
> + if (IS_ERR(buf))
> + return PTR_ERR(buf);
> }
>
> ret = import_single_range(READ, buf, sr->len, &iov,
> &msg.msg_iter);
