io_uring: Fix corrupted user_data
There is a bug, where failed linked requests are returned not with
specified @user_data, but with garbage from a kernel stack.

The reason is that io_fail_links() uses req->user_data, which is
uninitialised when called from io_queue_sqe() on fail path.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Pavel Begunkov authored and Jens Axboe committed Oct 25, 2019
1 parent a1f58ba commit 84d55dc
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions fs/io_uring.c
Expand Up @@ -2448,6 +2448,8 @@ static void io_submit_sqe(struct io_ring_ctx *ctx, struct sqe_submit *s,
return;
}

req->user_data = s->sqe->user_data;

/*
* If we already have a head request, queue this one for async
* submittal once the head completes. If we don't have a head but
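
Review bot: the new `req->user_data = s->sqe->user_data;` in io_submit_sqe() sits after the early `return;` at the top of this hunk, so any failure handled on that earlier path still runs before user_data is set. That path's body is not visible here; please either confirm it never reads req->user_data (for example, it completes using the value from the sqe directly) or move the assignment up to the point where req is first set up, so no failure path can observe it unset. Since the commit message says the stale value reaches userspace as kernel stack garbage, a one-line comment above the assignment noting that the link-fail path reads it would help keep later refactors from moving it back down, and a Fixes: tag would help the stable trees pick this up.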