diff options
| author | Pavel Begunkov <asml.silence@gmail.com> | 2024-11-26 00:10:31 +0100 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2024-11-27 23:00:57 +0100 |
| commit | 43eef70e7e2ac74e7767731dd806720c7fb5e010 (patch) | |
| tree | 52d6f5b19f36d65f744b1c5a5ebc23bb7bf8e94f | |
| parent | io_uring: fix task_work cap overshooting (diff) | |
| download | linux-43eef70e7e2ac74e7767731dd806720c7fb5e010.tar.xz linux-43eef70e7e2ac74e7767731dd806720c7fb5e010.zip | |
io_uring: fix corner case forgetting to vunmap
io_pages_unmap() is a bit tricky in trying to figure whether the pages
were previously vmap'ed or not. In particular If there is juts one page
it belives there is no need to vunmap. Paired io_pages_map(), however,
could've failed io_mem_alloc_compound() and attempted to
io_mem_alloc_single(), which does vmap, and that leads to unpaired vmap.
The solution is to fail if io_mem_alloc_compound() can't allocate a
single page. That's the easiest way to deal with it, and those two
functions are getting removed soon, so no need to overcomplicate it.
Cc: stable@vger.kernel.org
Fixes: 3ab1db3c6039e ("io_uring: get rid of remap_pfn_range() for mapping rings/sqes")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/477e75a3907a2fe83249e49c0a92cd480b2c60e0.1732569842.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
| -rw-r--r-- | io_uring/memmap.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/io_uring/memmap.c b/io_uring/memmap.c index ea08f19dc648..57de9bccbf50 100644 --- a/io_uring/memmap.c +++ b/io_uring/memmap.c @@ -73,6 +73,8 @@ void *io_pages_map(struct page ***out_pages, unsigned short *npages, ret = io_mem_alloc_compound(pages, nr_pages, size, gfp); if (!IS_ERR(ret)) goto done; + if (nr_pages == 1) + goto fail; ret = io_mem_alloc_single(pages, nr_pages, size, gfp); if (!IS_ERR(ret)) { @@ -81,7 +83,7 @@ done: *npages = nr_pages; return ret; } - +fail: kvfree(pages); *out_pages = NULL; *npages = 0; |