Skip to content
Commit 355e8d26 authored by Eric Biggers's avatar Eric Biggers Committed by Jens Axboe
Browse files

io_uring: fix memory leak of UNIX domain socket inode 



Opening and closing an io_uring instance leaks a UNIX domain socket
inode.  This is because the ->file of the io_uring instance's internal
UNIX domain socket is set to point to the io_uring file, but then
sock_release() sees the non-NULL ->file and assumes the inode reference
is held by the file so doesn't call iput().  That's not the case here,
since the reference is still meant to be held by the socket; the actual
inode of the io_uring file is different.

Fix this leak by NULL-ing out ->file before releasing the socket.

Reported-by: default avatar <syzbot+111cb28d9f583693aefa@syzkaller.appspotmail.com>
Fixes: 2b188cc1

 ("Add io_uring IO interface")
Cc: <stable@vger.kernel.org> # v5.1+
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent b9aef63a
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment