diff options
| author | Jens Axboe <axboe@kernel.dk> | 2025-01-03 09:29:09 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-01-09 13:33:48 +0100 |
| commit | c7e9cb3db7986584d0a4cd1c4c28cf53fc2400e3 (patch) | |
| tree | 60f3d91ae9572203ba398a948ee0528f68f1fc8c /scripts/stackusage | |
| parent | abf81fd09b62904774c8193ec1a6c1be4780fe4d (diff) | |
| download | linux-c7e9cb3db7986584d0a4cd1c4c28cf53fc2400e3.tar.gz linux-c7e9cb3db7986584d0a4cd1c4c28cf53fc2400e3.tar.bz2 linux-c7e9cb3db7986584d0a4cd1c4c28cf53fc2400e3.zip | |
io_uring/kbuf: use pre-committed buffer address for non-pollable file
commit ed123c948d06688d10f3b10a7bce1d6fbfd1ed07 upstream.
For non-pollable files, buffer ring consumption will commit upfront.
This is fine, but io_ring_buffer_select() will return the address of the
buffer after having committed it. For incrementally consumed buffers,
this is incorrect as it will modify the buffer address.
Store the pre-committed value and return that. If that isn't done, then
the initial part of the buffer is not used and the application will
correctly assume the content arrived at the start of the userspace
buffer, but the kernel will have put it later in the buffer. Or it can
cause a spurious -EFAULT returned in the CQE, depending on the buffer
size. As bounds are suitably checked for doing the actual IO, no adverse
side effects are possible - it's just a data misplacement within the
existing buffer.
Reported-by: Gwendal Fernet <gwendalfernet@gmail.com>
Cc: stable@vger.kernel.org
Fixes: ae98dbf43d75 ("io_uring/kbuf: add support for incremental buffer consumption")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'scripts/stackusage')
0 files changed, 0 insertions, 0 deletions