io_uring/rsrc: don't put/free empty buffers

If cloning of buffers fail and we have to put the ones already grabbed, check for NULL buffers and skip those. They used to be dummy ubufs, but now they are just NULL and that should be checked before reaping them. Reported-by: chase xd <sl1589472800@gmail.com> Link: https://lore.kernel.org/io-uring/CADZouDQ7TcKn8gz8_efnyAEp1JvU1ktRk8PWz-tO0FXUoh8VGQ@mail.gmail.com/ Fixes: d50f94d761a5 ("io_uring/rsrc: get rid of the empty node and dummy_ubuf") Signed-off-by: Jens Axboe <axboe@kernel.dk>
author: Jens Axboe <axboe@kernel.dk> 2024-12-12 08:01:52 -0700
committer: Jens Axboe <axboe@kernel.dk> 2024-12-12 08:01:52 -0700
commit: 99d6af6e8a22b792e1845b186f943cd10bb4b7b0 (patch)
tree: c7af221e463e44672298b000de646274e9eba704
parent: a07d2d7930c75e6bf88683b376d09ab1f3fed2aa (diff)
download: linux-99d6af6e8a22b792e1845b186f943cd10bb4b7b0.tar.gz
linux-99d6af6e8a22b792e1845b186f943cd10bb4b7b0.tar.bz2
linux-99d6af6e8a22b792e1845b186f943cd10bb4b7b0.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c
index adaae8630932..077f84684c18 100644
--- a/io_uring/rsrc.c
+++ b/io_uring/rsrc.c
@@ -1036,8 +1036,10 @@ static int io_clone_buffers(struct io_ring_ctx *ctx, struct io_ring_ctx *src_ctx
 out_put_free:
 	i = data.nr;
 	while (i--) {
-		io_buffer_unmap(src_ctx, data.nodes[i]);
-		kfree(data.nodes[i]);
+		if (data.nodes[i]) {
+			io_buffer_unmap(src_ctx, data.nodes[i]);
+			kfree(data.nodes[i]);
+		}
 	}
 out_unlock:
 	io_rsrc_data_free(ctx, &data);
author	Jens Axboe <axboe@kernel.dk>	2024-12-12 08:01:52 -0700
committer	Jens Axboe <axboe@kernel.dk>	2024-12-12 08:01:52 -0700
commit	99d6af6e8a22b792e1845b186f943cd10bb4b7b0 (patch)
tree	c7af221e463e44672298b000de646274e9eba704
parent	a07d2d7930c75e6bf88683b376d09ab1f3fed2aa (diff)
download	linux-99d6af6e8a22b792e1845b186f943cd10bb4b7b0.tar.gz linux-99d6af6e8a22b792e1845b186f943cd10bb4b7b0.tar.bz2 linux-99d6af6e8a22b792e1845b186f943cd10bb4b7b0.zip