projects / linux-block.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: eda4623)
io_uring/zcrx: fix area release on registration failure
authorPavel Begunkov <asml.silence@gmail.com>
Tue, 27 May 2025 17:07:33 +0000 (18:07 +0100)
committerJens Axboe <axboe@kernel.dk>
Tue, 27 May 2025 18:56:16 +0000 (12:56 -0600)
On area registration failure there might be no ifq set and it's not safe
to access area->ifq in the release path without checking it first.

Cc: stable@vger.kernel.org
Fixes: f12ecf5e1c5ec ("io_uring/zcrx: fix late dma unmap for a dead dev")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/bc02878678a5fec28bc77d33355cdba735418484.1748365640.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
io_uring/zcrx.c patch | blob | blame | history

diff --git a/io_uring/zcrx.c b/io_uring/zcrx.c
index 0c5b7d8f8d677a6a4a00d26e91f2eaad43a9ba32..21c816c3bfe07e7bbf0f7088f9abada7ddccc943 100644 (file)
--- a/io_uring/zcrx.c
+++ b/io_uring/zcrx.c
@@ -366,7 +366,8 @@ static void io_free_rbuf_ring(struct io_zcrx_ifq *ifq)
 
 static void io_zcrx_free_area(struct io_zcrx_area *area)
 {
-       io_zcrx_unmap_area(area->ifq, area);
+       if (area->ifq)
+               io_zcrx_unmap_area(area->ifq, area);
        io_release_area_mem(&area->mem);
 
        kvfree(area->freelist);
Linux 6.x block layer and io_uring tree(s)