io_uring: don't map read/write iovec potentially twice

If we have a read/write that is deferred, we already setup the async IO context for that request, and mapped it. When we later try and execute the request and we get -EAGAIN, we don't want to attempt to re-map it. If we do, we end up with garbage in the iovec, which typically leads to an -EFAULT or -EINVAL completion. Cc: stable@vger.kernel.org # 5.5 Reported-by: N Dan Melnic <dmm@fb.com> Signed-off-by: N Jens Axboe <axboe@kernel.dk>

io_uring: don't map read/write iovec potentially twice
If we have a read/write that is deferred, we already setup the async IO context for that request, and mapped it. When we later try and execute the request and we get -EAGAIN, we don't want to attempt to re-map it. If we do, we end up with garbage in the iovec, which typically leads to an -EFAULT or -EINVAL completion. Cc: stable@vger.kernel.org # 5.5 Reported-by: N Dan Melnic <dmm@fb.com> Signed-off-by: N Jens Axboe <axboe@kernel.dk>
5d204bcf · Jens Axboe · 0b7b21e4 · 5d204bcf
隐藏空白更改
内联并排

Showing with 5 addition and 3 deletion

fs/io_uring.c fs/io_uring.c +5 -3

未找到文件。
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2171,10 +2171,12 @@ static int io_setup_async_rw(struct io_kiocb *req, ssize_t io_size,
 {
 	if (!io_op_defs[req->opcode].async_ctx)
 		return 0;
-	if (!req->io && io_alloc_async_ctx(req))
-		return -ENOMEM;
+	if (!req->io) {
+		if (io_alloc_async_ctx(req))
+			return -ENOMEM;

-	io_req_map_rw(req, io_size, iovec, fast_iov, iter);
+		io_req_map_rw(req, io_size, iovec, fast_iov, iter);
+	}
 	req->work.func = io_rw_async;
 	return 0;
 }