From: Pavel Begunkov <asml.silence@xxxxxxxxx>
commit 6c3e8955d4bd9811a6e1761eea412a14fb51a2e6 upstream.
Don't access io_async_msghdr io_netmsg_recycle(), it may be reallocated.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: 9bb66906f23e5 ("io_uring: support multishot in recvmsg")
Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx>
Link: https://lore.kernel.org/r/9e326f4ad4046ddadf15bf34bf3fa58c6372f6b5.1671461985.git.asml.silence@xxxxxxxxx
Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
io_uring/net.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -772,10 +772,10 @@ retry_multishot:
goto retry_multishot;
if (mshot_finished) {
- io_netmsg_recycle(req, issue_flags);
/* fast path, check for non-NULL to avoid function call */
if (kmsg->free_iov)
kfree(kmsg->free_iov);
+ io_netmsg_recycle(req, issue_flags);
req->flags &= ~REQ_F_NEED_CLEANUP;
}
