io_uring: clean rings on NO_MMAP alloc fail

We make a few cancellation judgements based on ctx->rings, so let's
zero it afer deallocation for IORING_SETUP_NO_MMAP just like it's
done with the mmap case. Likely, it's not a real problem, but zeroing
is safer and better tested.

Cc: stable@vger.kernel.org
Fixes: 03d89a2de25bbc ("io_uring: support for user allocated memory for rings/sqes")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/9ff6cdf91429b8a51699c210e1f6af6ea3f8bdcf.1710255382.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 49a124daa3595759e546a4e47b8aa21771340c18..e7d7a456b4896123a810384ffc873f363c77c486 100644 (file)
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -2788,14 +2788,15 @@ static void io_rings_free(struct io_ring_ctx *ctx)
        if (!(ctx->flags & IORING_SETUP_NO_MMAP)) {
                io_mem_free(ctx->rings);
                io_mem_free(ctx->sq_sqes);
-               ctx->rings = NULL;
-               ctx->sq_sqes = NULL;
        } else {
                io_pages_free(&ctx->ring_pages, ctx->n_ring_pages);
                ctx->n_ring_pages = 0;
                io_pages_free(&ctx->sqe_pages, ctx->n_sqe_pages);
                ctx->n_sqe_pages = 0;
        }
+
+       ctx->rings = NULL;
+       ctx->sq_sqes = NULL;
 }
 
 void *io_mem_alloc(size_t size)