io_uring: don't map read/write iovec potentially twice

If we have a read/write that is deferred, we already setup the async IO context for that request, and mapped it. When we later try and execute the request and we get -EAGAIN, we don't want to attempt to re-map it. If we do, we end up with garbage in the iovec, which typically leads to an -EFAULT or -EINVAL completion. Cc: stable@vger.kernel.org # 5.5 Reported-by: Dan Melnic <dmm@fb.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
author: Jens Axboe <axboe@kernel.dk> 2020-01-31 22:06:52 +0300
committer: Jens Axboe <axboe@kernel.dk> 2020-02-04 03:27:47 +0300
commit: 5d204bcfa09330972ad3428a8f81c23f371d3e6d (patch)
tree: 35fdbe2c6b198f4a07fc44f09ef3c306f238e699 /fs/io_uring.c
parent: 0b7b21e42ba2d6ac9595a4358a9354249605a3af (diff)
download: linux-5d204bcfa09330972ad3428a8f81c23f371d3e6d.tar.xz
1 files changed, 5 insertions, 3 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c
index cd07df2afe61..678a1b245e10 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2171,10 +2171,12 @@ static int io_setup_async_rw(struct io_kiocb *req, ssize_t io_size,
 {
 	if (!io_op_defs[req->opcode].async_ctx)
 		return 0;
-	if (!req->io && io_alloc_async_ctx(req))
-		return -ENOMEM;
+	if (!req->io) {
+		if (io_alloc_async_ctx(req))
+			return -ENOMEM;
 
-	io_req_map_rw(req, io_size, iovec, fast_iov, iter);
+		io_req_map_rw(req, io_size, iovec, fast_iov, iter);
+	}
 	req->work.func = io_rw_async;
 	return 0;
 }
author	Jens Axboe <axboe@kernel.dk>	2020-01-31 22:06:52 +0300
committer	Jens Axboe <axboe@kernel.dk>	2020-02-04 03:27:47 +0300
commit	5d204bcfa09330972ad3428a8f81c23f371d3e6d (patch)
tree	35fdbe2c6b198f4a07fc44f09ef3c306f238e699 /fs/io_uring.c
parent	0b7b21e42ba2d6ac9595a4358a9354249605a3af (diff)
download	linux-5d204bcfa09330972ad3428a8f81c23f371d3e6d.tar.xz