6.10-stable review patch. If anyone has any objections, please let me know. ------------------ From: Guixin Liu <kanie@xxxxxxxxxxxxxxxxx> [ Upstream commit 3a87e264290d71ec86a210ab3e8d23b715ad266d ] Exit the percpu ref when cache init fails to free the data memory with in struct percpu_ref. Fixes: 206aefde4f88 ("io_uring: reduce/pack size of io_ring_ctx") Signed-off-by: Guixin Liu <kanie@xxxxxxxxxxxxxxxxx> Reviewed-by: Gabriel Krisman Bertazi <krisman@xxxxxxx> Link: https://lore.kernel.org/r/20240923100512.64638-1-kanie@xxxxxxxxxxxxxxxxx Signed-off-by: Jens Axboe <axboe@xxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- io_uring/io_uring.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index c0d8ee0c9786d..ff243f6b51199 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -316,7 +316,7 @@ static __cold struct io_ring_ctx *io_ring_ctx_alloc(struct io_uring_params *p) sizeof(struct uring_cache)); ret |= io_futex_cache_init(ctx); if (ret) - goto err; + goto free_ref; init_completion(&ctx->ref_comp); xa_init_flags(&ctx->personalities, XA_FLAGS_ALLOC1); mutex_init(&ctx->uring_lock); @@ -344,6 +344,9 @@ static __cold struct io_ring_ctx *io_ring_ctx_alloc(struct io_uring_params *p) io_napi_init(ctx); return ctx; + +free_ref: + percpu_ref_exit(&ctx->refs); err: io_alloc_cache_free(&ctx->rsrc_node_cache, kfree); io_alloc_cache_free(&ctx->apoll_cache, kfree); -- 2.43.0