[lvc-project] [PATCH 5.10/5.15] io_uring: avoid null-ptr-deref in io_arm_poll_handler

Jens Axboe axboe at kernel.dk
Thu Mar 16 21:58:46 MSK 2023


On 3/16/23 12:56 PM, Fedor Pchelkin wrote:
> No upstream commit exists for this commit.
> 
> The issue was introduced with backporting upstream commit c16bda37594f
> ("io_uring/poll: allow some retries for poll triggering spuriously").
> 
> Memory allocation can possibly fail, causing an invalid pointer to be
> dereferenced just before comparing it to a NULL value.
> 
> Move the pointer check to the proper place (upstream has a similar location
> for the check). In case the request has the REQ_F_POLLED flag up, apoll can't
> be NULL so no need to check there.
> 
> Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Ah thanks, yes that's a mistake. Looks good to me!

-- 
Jens Axboe
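
Added example, not part of the original message and not the kernel's code: a userspace C model of the check placement the quoted commit message describes, with the NULL check directly after the allocation and no check on the REQ_F_POLLED reuse branch. The struct names, the retries field, model_alloc, the fault-injection switch and the flag's value are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdlib.h>

#define REQ_F_POLLED 0x1u  /* flag name from the thread; the value is constructed */
struct apoll_model { int retries; };  /* hypothetical stand-in for the poll state */
struct req_model { unsigned flags; struct apoll_model *apoll; };
static bool fail_next_alloc;  /* fault injection: the next allocation returns NULL */

static void *model_alloc(size_t n)
{
    if (fail_next_alloc) { fail_next_alloc = false; return NULL; }
    return malloc(n);
}

/* Returns true when the request was armed, false when the caller must fall back. */
static bool arm_poll_model(struct req_model *req)
{
    struct apoll_model *apoll;

    if (req->flags & REQ_F_POLLED) {
        apoll = req->apoll;  /* set on an earlier successful pass, so not NULL */
    } else {
        apoll = model_alloc(sizeof(*apoll));
        if (!apoll)          /* checked before the first field access below */
            return false;
        apoll->retries = 0;
    }
    apoll->retries++;
    req->apoll = apoll;
    req->flags |= REQ_F_POLLED;
    return true;
}

/* Drives the failure path and both branches; returns 0 when all behave. */
static int run_model(void)
{
    struct req_model req = { 0, NULL };
    int rc = 0;
    fail_next_alloc = true;
    if (arm_poll_model(&req) || req.apoll || (req.flags & REQ_F_POLLED))
        rc = 1;  /* a failed allocation must leave the request untouched */
    else if (!arm_poll_model(&req) || req.apoll->retries != 1)
        rc = 2;  /* fresh allocation path */
    else if (!arm_poll_model(&req) || req.apoll->retries != 2)
        rc = 3;  /* REQ_F_POLLED reuse path */
    free(req.apoll);
    return rc;
}
int main(void) { return run_model(); }
```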




