io_uring/rw: Free iovec before cleaning async data

kmemleak shows that there is a memory leak in io_uring read operation,
where a buffer is allocated at iovec import, but never de-allocated.

The memory is allocated at io_async_rw->free_iovec, but then
io_async_rw is kfreed, taking the allocated memory with it. I saw this
happening when the read operation fails with -11 (EAGAIN).

This is the kmemleak splat.

    unreferenced object 0xffff8881da591c00 (size 256):
    ...
      backtrace (crc 7a15bdee):
        [<00000000256f2de4>] __kmalloc+0x2d6/0x410
        [<000000007a9f5fc7>] iovec_from_user.part.0+0xc6/0x160
        [<00000000cecdf83a>] __import_iovec+0x50/0x220
        [<00000000d1d586a2>] __io_import_iovec+0x13d/0x220
        [<0000000054ee9bd2>] io_prep_rw+0x186/0x340
        [<00000000a9c0372d>] io_prep_rwv+0x31/0x120
        [<000000001d1170b9>] io_prep_readv+0xe/0x30
        [<0000000070b8eb67>] io_submit_sqes+0x1bd/0x780
        [<00000000812496d4>] __do_sys_io_uring_enter+0x3ed/0x5b0
        [<0000000081499602>] do_syscall_64+0x5d/0x170
        [<00000000de1c5a4d>] entry_SYSCALL_64_after_hwframe+0x76/0x7e

This occurs because the async data cleanup functions are not set for
read/write operations. As a result, the potentially allocated iovec in
the rw async data is not freed before the async data is released,
leading to a memory leak.

With the following patch, kmemleak does not show the leaked memory
anymore, and all liburing tests pass.

Fixes: a9165b83c193 ("io_uring/rw: always setup io_async_rw for read/write requests")
Signed-off-by: Breno Leitao <leitao@debian.org>
Link: https://lore.kernel.org/r/20240530142340.1248216-1-leitao@debian.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
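
The ownership problem described in the commit message, as an added user-space model (not kernel code and not part of the original commit): async data owns a separately allocated iovec, and the generic teardown frees that iovec only if the operation registers a cleanup callback. All type and function names are hypothetical, and the 256-byte size is a constructed value.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model; every name here is hypothetical, not a kernel identifier. */
static int live_allocs;              /* outstanding allocations, stands in for kmemleak */
static void *model_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void model_free(void *p)    { if (p) { live_allocs--; free(p); } }

struct async_rw { void *free_iovec; };                 /* owns the imported iovec */
struct request;
struct op_def  { void (*cleanup)(struct request *); }; /* per-opcode callbacks */
struct request { const struct op_def *def; struct async_rw *async_data; };

/* Frees the iovec that the async data owns. */
static void rw_cleanup(struct request *req)
{
    model_free(req->async_data->free_iovec);
    req->async_data->free_iovec = NULL;
}

static const struct op_def readv_no_cleanup = { .cleanup = NULL };       /* leaking setup */
static const struct op_def readv_fixed      = { .cleanup = rw_cleanup }; /* corrected setup */

/* Generic teardown: run the op's cleanup if one is set, then free the async data. */
static void release_async_data(struct request *req)
{
    if (req->def->cleanup)
        req->def->cleanup(req);
    model_free(req->async_data);     /* free_iovec is unreachable after this */
    req->async_data = NULL;
}

/* Prepares one read, lets it fail, tears it down; returns allocations left behind. */
int leaked_after_failed_read(const struct op_def *def)
{
    struct request req = { .def = def };
    live_allocs = 0;
    req.async_data = model_alloc(sizeof(*req.async_data));
    if (!req.async_data)
        return -1;
    void *iov = req.async_data->free_iovec = model_alloc(256); /* iovec import */
    /* the read fails with -EAGAIN here and the request is torn down */
    release_async_data(&req);
    int leaked = live_allocs;
    if (leaked)
        free(iov);                   /* reclaim so the demo itself stays clean */
    return leaked;
}

int main(void)
{
    printf("no cleanup: %d leaked\n", leaked_after_failed_read(&readv_no_cleanup));
    printf("cleanup set: %d leaked\n", leaked_after_failed_read(&readv_fixed));
    return 0;
}
```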