WSL2-Linux-Kernel/io_uring
Fedor Pchelkin f4ba55411c io_uring: avoid null-ptr-deref in io_arm_poll_handler
No upstream commit exists for this commit.

The issue was introduced with backporting upstream commit c16bda3759
("io_uring/poll: allow some retries for poll triggering spuriously").

Memory allocation can possibly fail causing invalid pointer be
dereferenced just before comparing it to NULL value.

Move the pointer check in proper place (upstream has the similar location
of the check). In case the request has REQ_F_POLLED flag up, apoll can't
be NULL so no need to check there.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-03-22 13:31:37 +01:00
..
Makefile
io-wq.c io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL 2023-01-24 07:22:43 +01:00
io-wq.h
io_uring.c io_uring: avoid null-ptr-deref in io_arm_poll_handler 2023-03-22 13:31:37 +01:00