6.16-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavel Begunkov asml.silence@gmail.com
commit 720df2310b89cf76c1dc1a05902536282506f8bf upstream.
Dan reports that ifq can be null when infering arguments for io_unaccount_mem() from io_zcrx_free_area(). Fix it by always setting a correct ifq.
Reported-by: kernel test robot lkp@intel.com Reported-by: Dan Carpenter dan.carpenter@linaro.org Closes: https://lore.kernel.org/r/202507180628.gBxrOgqr-lkp@intel.com/ Fixes: 262ab205180d2 ("io_uring/zcrx: account area memory") Signed-off-by: Pavel Begunkov asml.silence@gmail.com Link: https://lore.kernel.org/r/20670d163bb90dba2a81a4150f1125603cefb101.175309156... Signed-off-by: Jens Axboe axboe@kernel.dk Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- io_uring/zcrx.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
--- a/io_uring/zcrx.c +++ b/io_uring/zcrx.c @@ -394,8 +394,7 @@ static void io_free_rbuf_ring(struct io_
static void io_zcrx_free_area(struct io_zcrx_area *area) { - if (area->ifq) - io_zcrx_unmap_area(area->ifq, area); + io_zcrx_unmap_area(area->ifq, area); io_release_area_mem(&area->mem);
if (area->mem.account_pages) @@ -428,6 +427,7 @@ static int io_zcrx_create_area(struct io area = kzalloc(sizeof(*area), GFP_KERNEL); if (!area) goto err; + area->ifq = ifq;
ret = io_import_area(ifq, &area->mem, area_reg); if (ret) @@ -462,7 +462,6 @@ static int io_zcrx_create_area(struct io }
area->free_count = nr_iovs; - area->ifq = ifq; /* we're only supporting one area per ifq for now */ area->area_id = 0; area_reg->rq_area_token = (u64)area->area_id << IORING_ZCRX_AREA_SHIFT;