Merge tag 'io_uring-6.6-2023-10-20' of git://git.kernel.dk/linux

Pull io_uring fix from Jens Axboe: "Just a single fix for a bug report that came in, fixing a case where failure to init a ring with IORING_SETUP_NO_MMAP can trigger a NULL pointer dereference" * tag 'io_uring-6.6-2023-10-20' of git://git.kernel.dk/linux: io_uring: fix crash with IORING_SETUP_NO_MMAP and invalid SQ ring address
author: Linus Torvalds <torvalds@linux-foundation.org> 2023-10-20 10:28:46 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2023-10-20 10:28:46 -0700
commit: 747b7628ca66de3806e6988d3a6e0c9c48d33694 (patch)
tree: 471e11503a8201b5e16b8f05aa1e526d3d2bf093
parent: 14f6863328164a9e66024bce5f2fa27de7dc00f0 (diff)
parent: 8b51a3956d44ea6ade962874ade14de9a7d16556 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index d839a80a6751..8d1bc6cdfe71 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -2674,7 +2674,11 @@ static void io_pages_free(struct page ***pages, int npages)
 
 	if (!pages)
 		return;
+
 	page_array = *pages;
+	if (!page_array)
+		return;
+
 	for (i = 0; i < npages; i++)
 		unpin_user_page(page_array[i]);
 	kvfree(page_array);
@@ -2758,7 +2762,9 @@ static void io_rings_free(struct io_ring_ctx *ctx)
 		ctx->sq_sqes = NULL;
 	} else {
 		io_pages_free(&ctx->ring_pages, ctx->n_ring_pages);
+		ctx->n_ring_pages = 0;
 		io_pages_free(&ctx->sqe_pages, ctx->n_sqe_pages);
+		ctx->n_sqe_pages = 0;
 	}
 }
author	Linus Torvalds <torvalds@linux-foundation.org>	2023-10-20 10:28:46 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	2023-10-20 10:28:46 -0700
commit	747b7628ca66de3806e6988d3a6e0c9c48d33694 (patch)
tree	471e11503a8201b5e16b8f05aa1e526d3d2bf093
parent	14f6863328164a9e66024bce5f2fa27de7dc00f0 (diff)
parent	8b51a3956d44ea6ade962874ade14de9a7d16556 (diff)