On Fri, 23 Sep 2022 16:23:34 +0100, Pavel Begunkov wrote:
> We should not assume anything about ->free_iov just from
> REQ_F_ASYNC_DATA but rather rely on REQ_F_NEED_CLEANUP, as we may
> allocate ->async_data but failed init would leave the field in not
> consistent state. The easiest solution is to remove removing
> REQ_F_NEED_CLEANUP and so ->async_data dealloc from io_sendrecv_fail()
> and let io_send_zc_cleanup() do the job. The catch here is that we also
> need to prevent double notif flushing, just test it for NULL and zero
> where it's needed.
>
> [...]

Applied, thanks!

[1/1] io_uring/net: fix UAF in io_sendrecv_fail()
      commit: a75155faef4efcb9791f77e2652e29ce8906e05a

Best regards,
--
Jens Axboe
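
The flag-gated cleanup and single notif flush described in the quoted commit message, as an added userspace model in C that is not part of the original mail or the kernel source. The struct layout, the `F_*` flags and the function names are simplified assumptions; only the gating logic follows the message.

```c
#include <stdlib.h>
/* Hypothetical userspace model: flag and function names are assumptions, not kernel code. */
enum { F_ASYNC_DATA = 1, F_NEED_CLEANUP = 2 };
struct async_msg { void *free_iov; };   /* valid only once init has succeeded */
struct req { unsigned flags; struct async_msg *async_data; int *notif; };
static int iov_frees, notif_flushes;

/* Flush at most once: test the pointer for NULL, then zero it. */
static void flush_notif(struct req *r)
{
    if (!r->notif)
        return;
    notif_flushes++;
    r->notif = NULL;
}

/* Failure path: no async_data dealloc and no flag clearing here. */
static void sendrecv_fail(struct req *r) { flush_notif(r); }

/* Cleanup path: ->free_iov is trusted only under F_NEED_CLEANUP. */
static void send_zc_cleanup(struct req *r)
{
    if (r->flags & F_NEED_CLEANUP) {
        free(r->async_data->free_iov);
        iov_frees++;
    }
    flush_notif(r);                      /* no-op if the fail path already flushed */
    if (r->flags & F_ASYNC_DATA)
        free(r->async_data);
    r->async_data = NULL;
    r->flags = 0;
}

/* Constructed scenario: fail handler, then cleanup. Returns iov_frees * 10 + notif_flushes. */
static int run(int init_ok)
{
    int notif = 0;
    struct req r = { F_ASYNC_DATA, malloc(sizeof(struct async_msg)), &notif };
    if (!r.async_data) return -1;
    iov_frees = notif_flushes = 0;
    if (init_ok) {                       /* init completed: field is consistent */
        r.async_data->free_iov = malloc(16);
        r.flags |= F_NEED_CLEANUP;
    }                                    /* else: free_iov stays uninitialised */
    sendrecv_fail(&r);
    send_zc_cleanup(&r);
    return iov_frees * 10 + notif_flushes;
}
int main(void) { return (run(0) == 1 && run(1) == 11) ? 0 : 1; }
```

With `init_ok` set to 0 the allocation exists but `free_iov` is never read, which is the case a check on the async-data flag alone would get wrong.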