On 3/16/23 12:56 PM, Fedor Pchelkin wrote:
> No upstream commit exists for this commit.
>
> The issue was introduced with backporting upstream commit c16bda37594f
> ("io_uring/poll: allow some retries for poll triggering spuriously").
>
> Memory allocation can possibly fail causing invalid pointer be
> dereferenced just before comparing it to NULL value.
>
> Move the pointer check in proper place (upstream has the similar location
> of the check). In case the request has REQ_F_POLLED flag up, apoll can't
> be NULL so no need to check there.
>
> Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Ah thanks, yes that's a mistake. Looks good to me!
--
Jens Axboe
