Commit 21870e02 authored by Jens Axboe's avatar Jens Axboe
Browse files

io_uring: fix a memory leak of buffer group list on exit 



If we use a buffer group ID that is large enough to require io_uring
to allocate it, then we don't correctly free it if the cleanup is
deferred to the ring exit. The explicit removal paths are fine.

Fixes: 9cfc7e94 ("io_uring: get rid of hashed provided buffer groups")
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent 1151a7cc

fs/io_uring.c

+1 −0
Original line number Original line Diff line number Diff line
@@ -11065,6 +11065,7 @@ static void io_destroy_buffers(struct io_ring_ctx *ctx) 
	xa_for_each(&ctx->io_bl_xa, index, bl) {

	xa_for_each(&ctx->io_bl_xa, index, bl) {

		xa_erase(&ctx->io_bl_xa, bl->bgid);

		xa_erase(&ctx->io_bl_xa, bl->bgid);

		__io_remove_buffers(ctx, bl, -1U);

		__io_remove_buffers(ctx, bl, -1U);

		kfree(bl);

	}

	}





	while (!list_empty(&ctx->io_buffers_pages)) {

	while (!list_empty(&ctx->io_buffers_pages)) {