From: Pavel Begunkov asml.silence@gmail.com
commit 84d55dc5b9e57b513a702fbc358e1b5489651590 upstream.
There is a bug, where failed linked requests are returned not with specified @user_data, but with garbage from a kernel stack.
The reason is that io_fail_links() uses req->user_data, which is uninitialised when called from io_queue_sqe() on fail path.
Signed-off-by: Pavel Begunkov asml.silence@gmail.com Signed-off-by: Jens Axboe axboe@kernel.dk Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- fs/io_uring.c | 2 ++ 1 file changed, 2 insertions(+)
--- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -2157,6 +2157,8 @@ err: return; }
+ req->user_data = s->sqe->user_data; + /* * If we already have a head request, queue this one for async * submittal once the head completes. If we don't have a head but