diff options
| author | Jens Axboe <axboe@kernel.dk> | 2025-11-24 10:59:02 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-12-07 06:27:37 +0900 |
| commit | 14459281e027f23b70885c1cc1032a71c0efd8d7 (patch) | |
| tree | e88024e98063ff5d9474d9cc83e715d63f55e8d0 | |
| parent | 2db8fba9174c10570e8dcdb3887b7f3f086ce4bf (diff) | |
| download | linux-14459281e027f23b70885c1cc1032a71c0efd8d7.tar.gz linux-14459281e027f23b70885c1cc1032a71c0efd8d7.tar.bz2 linux-14459281e027f23b70885c1cc1032a71c0efd8d7.zip | |
io_uring/net: ensure vectored buffer node import is tied to notification
commit f6041803a831266a2a5a5b5af66f7de0845bcbf3 upstream.
When support for vectored registered buffers was added, the import
itself is using 'req' rather than the notification io_kiocb, sr->notif.
For non-vectored imports, sr->notif is correctly used. This is important
as the lifetime of the two may be different. Use the correct io_kiocb
for the vectored buffer import.
Cc: stable@vger.kernel.org
Fixes: 23371eac7d9a ("io_uring/net: implement vectored reg bufs for zctx")
Reported-by: Google Big Sleep <big-sleep-vuln-reports+bigsleep-463332873@google.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | io_uring/net.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/io_uring/net.c b/io_uring/net.c index d69f2afa4f7a..1f35f01661e7 100644 --- a/io_uring/net.c +++ b/io_uring/net.c @@ -1542,8 +1542,10 @@ int io_sendmsg_zc(struct io_kiocb *req, unsigned int issue_flags) unsigned uvec_segs = kmsg->msg.msg_iter.nr_segs; int ret; - ret = io_import_reg_vec(ITER_SOURCE, &kmsg->msg.msg_iter, req, - &kmsg->vec, uvec_segs, issue_flags); + sr->notif->buf_index = req->buf_index; + ret = io_import_reg_vec(ITER_SOURCE, &kmsg->msg.msg_iter, + sr->notif, &kmsg->vec, uvec_segs, + issue_flags); if (unlikely(ret)) return ret; req->flags &= ~REQ_F_IMPORT_BUFFER; |