diff mbox series

[5.8] io_uring: ensure open/openat2 name is cleaned on cancelation

Message ID 20200928153507.27420-1-sgarzare@redhat.com
State New
Headers show
Series [5.8] io_uring: ensure open/openat2 name is cleaned on cancelation | expand

Commit Message

Stefano Garzarella Sept. 28, 2020, 3:35 p.m. UTC 
From: Jens Axboe <axboe@kernel.dk>

[ Upstream commit f3cd4850504ff612d0ea77a0aaf29b66c98fcefe ]

If we cancel these requests, we'll leak the memory associated with the
filename. Add them to the table of ops that need cleaning, if
REQ_F_NEED_CLEANUP is set.

Cc: stable@vger.kernel.org
Fixes: e62753e4e292 ("io_uring: call statx directly")
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 fs/io_uring.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Greg KH Sept. 28, 2020, 5:33 p.m. UTC | #1 
On Mon, Sep 28, 2020 at 05:35:07PM +0200, Stefano Garzarella wrote:
> From: Jens Axboe <axboe@kernel.dk>
> 
> [ Upstream commit f3cd4850504ff612d0ea77a0aaf29b66c98fcefe ]
> 
> If we cancel these requests, we'll leak the memory associated with the
> filename. Add them to the table of ops that need cleaning, if
> REQ_F_NEED_CLEANUP is set.
> 
> Cc: stable@vger.kernel.org
> Fixes: e62753e4e292 ("io_uring: call statx directly")
> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
> Signed-off-by: Jens Axboe <axboe@kernel.dk>
> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
> ---
>  fs/io_uring.c | 2 ++
>  1 file changed, 2 insertions(+)

Thanks, now queued up.

greg k-h
diff mbox series

Patch

diff --git a/fs/io_uring.c b/fs/io_uring.c
index d05023ca74bd..864341445926 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -5252,6 +5252,8 @@  static void io_cleanup_req(struct io_kiocb *req)
 		break;
 	case IORING_OP_OPENAT:
 	case IORING_OP_OPENAT2:
+		if (req->open.filename)
+			putname(req->open.filename);
 		break;
 	case IORING_OP_SPLICE:
 	case IORING_OP_TEE: