This is a note to let you know that I've just added the patch titled
io_uring: fix memory leak when cache init fail
to the 6.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
io_uring-fix-memory-leak-when-cache-init-fail.patch
and it can be found in the queue-6.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 88ae14ef66d1111514aa41fe09c9628f08ee446f
Author: Guixin Liu <kanie@xxxxxxxxxxxxxxxxx>
Date: Mon Sep 23 18:05:12 2024 +0800
io_uring: fix memory leak when cache init fail
[ Upstream commit 3a87e264290d71ec86a210ab3e8d23b715ad266d ]
Exit the percpu ref when cache init fails to free the data memory with
in struct percpu_ref.
Fixes: 206aefde4f88 ("io_uring: reduce/pack size of io_ring_ctx")
Signed-off-by: Guixin Liu <kanie@xxxxxxxxxxxxxxxxx>
Reviewed-by: Gabriel Krisman Bertazi <krisman@xxxxxxx>
Link: https://lore.kernel.org/r/20240923100512.64638-1-kanie@xxxxxxxxxxxxxxxxx
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index c0d8ee0c9786d..ff243f6b51199 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -316,7 +316,7 @@ static __cold struct io_ring_ctx *io_ring_ctx_alloc(struct io_uring_params *p)
sizeof(struct uring_cache));
ret |= io_futex_cache_init(ctx);
if (ret)
- goto err;
+ goto free_ref;
init_completion(&ctx->ref_comp);
xa_init_flags(&ctx->personalities, XA_FLAGS_ALLOC1);
mutex_init(&ctx->uring_lock);
@@ -344,6 +344,9 @@ static __cold struct io_ring_ctx *io_ring_ctx_alloc(struct io_uring_params *p)
io_napi_init(ctx);
return ctx;
+
+free_ref:
+ percpu_ref_exit(&ctx->refs);
err:
io_alloc_cache_free(&ctx->rsrc_node_cache, kfree);
io_alloc_cache_free(&ctx->apoll_cache, kfree);
