Skip to content
Commit 1a623d36 authored by Pavel Begunkov's avatar Pavel Begunkov Committed by Greg Kroah-Hartman
Browse files

io_uring: fix fs->users overflow 

There is a bunch of cases where we can grab req->fs but not put it, this
can be used to cause a controllable overflow with further implications.
Release req->fs in the request free path and make sure we zero the field
to be sure we don't do it twice.

Fixes: cac68d12

 ("io_uring: grab ->fs as part of async offload")
Reported-by: default avatarBing-Jhong Billy Jheng <billy@starlabs.sg>
Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 33fcb359
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment