diff options
| author | Pavel Begunkov <asml.silence@gmail.com> | 2025-07-21 10:56:20 +0100 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2025-07-21 06:47:45 -0600 |
| commit | 720df2310b89cf76c1dc1a05902536282506f8bf (patch) | |
| tree | c5780bca453b1fb505979c72960f8ab3d52559f1 /io_uring | |
| parent | d1fbe1ebf4a12cabd7945335d5e47718cb2bef99 (diff) | |
| download | linux-720df2310b89cf76c1dc1a05902536282506f8bf.tar.gz linux-720df2310b89cf76c1dc1a05902536282506f8bf.tar.bz2 linux-720df2310b89cf76c1dc1a05902536282506f8bf.zip | |
io_uring/zcrx: fix null ifq on area destruction
Dan reports that ifq can be null when infering arguments for
io_unaccount_mem() from io_zcrx_free_area(). Fix it by always setting a
correct ifq.
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/202507180628.gBxrOgqr-lkp@intel.com/
Fixes: 262ab205180d2 ("io_uring/zcrx: account area memory")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/20670d163bb90dba2a81a4150f1125603cefb101.1753091564.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'io_uring')
| -rw-r--r-- | io_uring/zcrx.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/io_uring/zcrx.c b/io_uring/zcrx.c index dabce3ee0e8b..6b4bdefb40c4 100644 --- a/io_uring/zcrx.c +++ b/io_uring/zcrx.c @@ -377,8 +377,7 @@ static void io_free_rbuf_ring(struct io_zcrx_ifq *ifq) static void io_zcrx_free_area(struct io_zcrx_area *area) { - if (area->ifq) - io_zcrx_unmap_area(area->ifq, area); + io_zcrx_unmap_area(area->ifq, area); io_release_area_mem(&area->mem); if (area->mem.account_pages) @@ -411,6 +410,7 @@ static int io_zcrx_create_area(struct io_zcrx_ifq *ifq, area = kzalloc(sizeof(*area), GFP_KERNEL); if (!area) goto err; + area->ifq = ifq; ret = io_import_area(ifq, &area->mem, area_reg); if (ret) @@ -445,7 +445,6 @@ static int io_zcrx_create_area(struct io_zcrx_ifq *ifq, } area->free_count = nr_iovs; - area->ifq = ifq; /* we're only supporting one area per ifq for now */ area->area_id = 0; area_reg->rq_area_token = (u64)area->area_id << IORING_ZCRX_AREA_SHIFT; |