From: Jens Axboe <axboe@xxxxxxxxx>
commit 11893e144ed75be55d99349760513ca104781fc0 upstream.
If the iovec inside the kmsg isn't already allocated AND one gets
expanded beyond the fixed size, then the request may not already have
been marked for cleanup. Ensure that it is.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: 2f9c9515bdfd ("io_uring/net: support bundles for recv")
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
io_uring/net.c | 1 +
1 file changed, 1 insertion(+)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -1084,6 +1084,7 @@ static int io_recv_buf_select(struct io_
if (arg.iovs != &kmsg->fast_iov && arg.iovs != kmsg->free_iov) {
kmsg->free_iov_nr = ret;
kmsg->free_iov = arg.iovs;
+ req->flags |= REQ_F_NEED_CLEANUP;
}
} else {
void __user *buf;
Patches currently in stable-queue which might be from axboe@xxxxxxxxx are
queue-6.10/io_uring-net-ensure-expanded-bundle-send-gets-marked-for-cleanup.patch
queue-6.10/io_uring-net-ensure-expanded-bundle-recv-gets-marked-for-cleanup.patch
queue-6.10/block-change-rq_integrity_vec-to-respect-the-iterato.patch
queue-6.10/io_uring-net-don-t-pick-multiple-buffers-for-non-bundle-send.patch
