Google Git
Sign in
kernel/pub/scm/linux/kernel/git/axboe/liburing/ee133f073c3c1017ea110659e77e1b92dd49eeea
commit
ee133f073c3c1017ea110659e77e1b92dd49eeea
[log]
author
Ahmed Abdelmoemen <ahmedabdelmoumen05@gmail.com>
Thu May 14 14:31:44 2026 +0100
committer
Ahmed Abdelmoemen <ahmedabdelmoumen05@gmail.com>
Tue May 19 14:25:32 2026 +0100
tree
9a937e2be06fca6874ef66ec18d99b4809e1732a
parent
40999f52c668b0c32dff712e3dfa1ace6c9e37c4 [diff]
src/register: clean up ring state on failed resize mmap

If io_uring_resize_rings() succeeds in the kernel but the subsequent
mmap call fails, sq/cq may hold stale or error-encoded pointers such
as ring_ptr = (void *)-ENOMEM.  A later call to io_uring_queue_exit()
would pass these to munmap, resulting in undefined behaviour.

Zero out sq and cq before calling io_uring_queue_exit() so that the
cleanup path is safe regardless of which mappings were established.

Fixes: https://github.com/axboe/liburing/issues/1574
Signed-off-by: Ahmed Abdelmoemen <ahmedabdelmoumen05@gmail.com>
1 file changed
tree: 9a937e2be06fca6874ef66ec18d99b4809e1732a
  1. .github/
  2. debian/
  3. examples/
  4. man/
  5. src/
  6. test/
  7. .gitignore
  8. CHANGELOG
  9. CITATION.cff
  10. configure
  11. CONTRIBUTING.md
  12. COPYING
  13. COPYING.GPL
  14. liburing-ffi.pc.in
  15. liburing.pc.in
  16. liburing.spec
  17. LICENSE
  18. make-debs.sh
  19. Makefile
  20. Makefile.common
  21. Makefile.quiet
  22. README
  23. SECURITY.md