[patch] io_uring: don't allow duplicate registrations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, Jens,

It looks to me like calling io_uring_register more than once (for either
IORING_REGISTER_BUFFERS or IORING_REGISTER_FILES) will leak the
references taken in previous calls.

Signed-off-by: Jeff Moyer <jmoyer@xxxxxxxxxx>

---

If this makes sense to you, feel free to just fold this into your
patches w/o any attribution.

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 3650e8b63a32..f0492b0e23a0 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -1399,6 +1399,9 @@ static int io_sqe_files_register(struct io_ring_ctx *ctx, void __user *arg,
 	if (!nr_args)
 		return -EINVAL;
 
+	if (ctx->user_files)
+		return -EINVAL;
+
 	ctx->user_files = kcalloc(nr_args, sizeof(struct file *), GFP_KERNEL);
 	if (!ctx->user_files)
 		return -ENOMEM;
@@ -1580,6 +1583,9 @@ static int io_sqe_buffer_register(struct io_ring_ctx *ctx, void __user *arg,
 	if (!nr_args || nr_args > UIO_MAXIOV)
 		return -EINVAL;
 
+	if (ctx->user_bufs)
+		return -EINVAL;
+
 	ctx->user_bufs = kcalloc(nr_args, sizeof(struct io_mapped_ubuf),
 					GFP_KERNEL);
 	if (!ctx->user_bufs)



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux