Ensure to set msg.msg_name for the async portion of send/recvmsg, as the header copy will copy to/from it.
Cc: stable@vger.kernel.org # 5.5, 5.6, 5.7 Signed-off-by: Pavel Begunkov asml.silence@gmail.com --- fs/io_uring.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/fs/io_uring.c b/fs/io_uring.c index 7f2a2cb5c056..8482b9aed952 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3913,6 +3913,7 @@ static int io_sendmsg_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (req->flags & REQ_F_NEED_CLEANUP) return 0;
+ io->msg.msg.msg_name = &io->msg.addr; io->msg.iov = io->msg.fast_iov; ret = sendmsg_copy_msghdr(&io->msg.msg, sr->msg, sr->msg_flags, &io->msg.iov); @@ -4025,6 +4026,7 @@ static int __io_recvmsg_copy_hdr(struct io_kiocb *req, struct io_async_ctx *io) size_t iov_len; int ret;
+ io->msg.msg.msg_name = &io->msg.addr; ret = __copy_msghdr_from_user(&io->msg.msg, sr->msg, &io->msg.uaddr, &uiov, &iov_len); if (ret)
Ensure to set msg.msg_name for the async portion of send/recvmsg, as the header copy will copy to/from it.
Cc: stable@vger.kernel.org # 5.5, 5.6, 5.7 Signed-off-by: Pavel Begunkov asml.silence@gmail.com --- v2: don't miss out compat for recv
fs/io_uring.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/fs/io_uring.c b/fs/io_uring.c index 7f2a2cb5c056..0ecd70dbf0fd 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -3913,6 +3913,7 @@ static int io_sendmsg_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) if (req->flags & REQ_F_NEED_CLEANUP) return 0;
+ io->msg.msg.msg_name = &io->msg.addr; io->msg.iov = io->msg.fast_iov; ret = sendmsg_copy_msghdr(&io->msg.msg, sr->msg, sr->msg_flags, &io->msg.iov); @@ -4094,6 +4095,7 @@ static int __io_compat_recvmsg_copy_hdr(struct io_kiocb *req,
static int io_recvmsg_copy_hdr(struct io_kiocb *req, struct io_async_ctx *io) { + io->msg.msg.msg_name = &io->msg.addr; io->msg.iov = io->msg.fast_iov;
#ifdef CONFIG_COMPAT
linux-stable-mirror@lists.linaro.org
-
Jens Axboe -
Pavel Begunkov