On Wed, 18 Dec 2024 17:56:25 +0100, Jann Horn wrote:
> Currently, io_uring_unreg_ringfd() (which cleans up registered rings) is only called on exit, but __io_uring_free (which frees the tctx in which the registered ring pointers are stored) is also called on execve (via begin_new_exec -> io_uring_task_cancel -> __io_uring_cancel -> io_uring_cancel_generic -> __io_uring_free).
>
> This means: A process going through execve while having registered rings will leak references to the rings' `struct file`.
>
> [...]
Applied, thanks!
[1/1] io_uring: Fix registered ring file refcount leak
      commit: 12d908116f7efd34f255a482b9afc729d7a5fb78
Best regards,
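The leak described in the quoted report, shown as an added refcount model. This is example code written for this page, not code from the kernel or from the patch: `struct file`, the tctx and the teardown functions are simplified stand-ins that borrow the kernel's names (`get_file`, `fput`, `io_uring_unreg_ringfd`, `__io_uring_free`) but take a task pointer instead of operating on `current`. The exit and execve paths are modelled as described above; the "fixed" path simply drops the registered references before the tctx is freed, which is an assumption about the shape of a fix, since the actual change is elided on this page.

```c
/*
 * Added refcount model of the leak described in the report above.
 * Not kernel code: every structure and function here is a simplified
 * stand-in named after its kernel counterpart (assumption: names only).
 */
#include <stdio.h>
#include <stdlib.h>

#define MAX_REG_RINGS 4

/* Stand-in for struct file: only the reference count matters here. */
struct file {
    int f_count;
};

/* Stand-in for the per-task io_uring_task (tctx). The kernel stores the
 * registered ring pointers in this structure, so freeing it without first
 * dropping those pointers' references loses them. */
struct io_uring_task {
    struct file *registered_rings[MAX_REG_RINGS];
};

struct task_struct {
    struct io_uring_task *io_uring;
};

static struct file *get_file(struct file *f) { f->f_count++; return f; }
static void fput(struct file *f) { f->f_count--; }

/* Models IORING_REGISTER_RING_FDS: the tctx takes its own reference. */
static int io_ringfd_register(struct task_struct *tsk, struct file *ring)
{
    struct io_uring_task *tctx = tsk->io_uring;
    for (int i = 0; i < MAX_REG_RINGS; i++) {
        if (!tctx->registered_rings[i]) {
            tctx->registered_rings[i] = get_file(ring);
            return i;
        }
    }
    return -1; /* no free slot (constructed limit for the model) */
}

/* Models io_uring_unreg_ringfd(): drop every reference the tctx holds. */
static void io_uring_unreg_ringfd(struct task_struct *tsk)
{
    struct io_uring_task *tctx = tsk->io_uring;
    for (int i = 0; i < MAX_REG_RINGS; i++) {
        if (tctx->registered_rings[i]) {
            fput(tctx->registered_rings[i]);
            tctx->registered_rings[i] = NULL;
        }
    }
}

/* Models __io_uring_free(): frees the tctx, and with it the array of
 * registered ring pointers, without touching their refcounts. */
static void __io_uring_free(struct task_struct *tsk)
{
    free(tsk->io_uring);
    tsk->io_uring = NULL;
}

/* Exit path as described: rings are unregistered before the tctx goes. */
static void exit_path(struct task_struct *tsk)
{
    io_uring_unreg_ringfd(tsk);
    __io_uring_free(tsk);
}

/* execve path as described (begin_new_exec -> ... -> __io_uring_free):
 * the tctx is freed but io_uring_unreg_ringfd() is never called, so each
 * registered slot keeps one reference on the ring's file forever. */
static void execve_path_leaky(struct task_struct *tsk)
{
    __io_uring_free(tsk);
}

/* Modelled fix (assumption, not the commit's actual diff): release the
 * registered rings before the tctx is freed on this path as well. */
static void execve_path_fixed(struct task_struct *tsk)
{
    io_uring_unreg_ringfd(tsk);
    __io_uring_free(tsk);
}

/* Run one teardown path for a task that registered the same ring in
 * `nregs` slots and return the ring's remaining refcount. The fd-table
 * entry is the one legitimate reference, so 1 is clean; anything above
 * 1 is a leaked reference. */
static int ring_refcount_after(void (*path)(struct task_struct *), int nregs)
{
    struct file ring = { .f_count = 1 };    /* held by the fd table */
    struct task_struct tsk = {
        .io_uring = calloc(1, sizeof(struct io_uring_task))
    };

    for (int i = 0; i < nregs; i++)
        io_ringfd_register(&tsk, &ring);
    path(&tsk);
    return ring.f_count;
}

int main(void)
{
    printf("exit path, 1 registration:    refcount %d\n",
           ring_refcount_after(exit_path, 1));
    printf("execve path (leaky), 2 regs:  refcount %d\n",
           ring_refcount_after(execve_path_leaky, 2));
    printf("execve path (fixed), 2 regs:  refcount %d\n",
           ring_refcount_after(execve_path_fixed, 2));
    return 0;
}
```

The model shows why the leak scales with the number of registered slots rather than being a single lost reference: each `IORING_REGISTER_RING_FDS` slot holds its own `get_file()` reference, and `__io_uring_free()` discards the whole array at once. In the real kernel the leaked references also keep the ring's `struct file` (and therefore the ring context) alive after the process has been replaced.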