[PATCH 1/1] lib/iov_iter: fix import_iovec_ubuf iovec management

From: Pavel Begunkov
Date: Fri Jan 31 2025 - 09:13:15 EST

Next message: Andrew Lunn: "Re: [PATCH net v4 3/3] net: stmmac: Specify hardware capability value when FIFO size isn't specified"
Previous message: Sudeep Holla: "Re: [PATCH V1] firmware: arm_scmi: Optimize the iteration of scmi_requested_devices"
Next in thread: Jens Axboe: "Re: [PATCH 1/1] lib/iov_iter: fix import_iovec_ubuf iovec management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

import_iovec() says that it should always be fine to kfree the iovec
returned in @iovp regardless of the error code. __import_iovec_ubuf()
never reallocates it and thus should clear the pointer even in cases
when copy_iovec_*() fail.

Cc: stable@xxxxxxxxxxxxxxx
Fixes: 3b2deb0e46da9 ("iov_iter: import single vector iovecs as ITER_UBUF")
Signed-off-by: Pavel Begunkov <asml.silence@xxxxxxxxx>
---
lib/iov_iter.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 9ec806f989f25..65f550cb5081b 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -1428,6 +1428,8 @@ static ssize_t __import_iovec_ubuf(int type, const struct iovec __user *uvec,
struct iovec *iov = *iovp;
ssize_t ret;

+ *iovp = NULL;
+
if (compat)
ret = copy_compat_iovec_from_user(iov, uvec, 1);
else
@@ -1438,7 +1440,6 @@ static ssize_t __import_iovec_ubuf(int type, const struct iovec __user *uvec,
ret = import_ubuf(type, iov->iov_base, iov->iov_len, i);
if (unlikely(ret))
return ret;
- *iovp = NULL;
return i->count;
}

--
2.47.1

Next message: Andrew Lunn: "Re: [PATCH net v4 3/3] net: stmmac: Specify hardware capability value when FIFO size isn't specified"
Previous message: Sudeep Holla: "Re: [PATCH V1] firmware: arm_scmi: Optimize the iteration of scmi_requested_devices"
Next in thread: Jens Axboe: "Re: [PATCH 1/1] lib/iov_iter: fix import_iovec_ubuf iovec management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]