Re: [PATCH 5.6] io_uring: NULL-deref for IOSQE_{ASYNC,DRAIN}

From: Jens Axboe
Date: Sat Mar 14 2020 - 23:37:36 EST

Next message: Paolo Bonzini: "Re: [PATCH v2 0/2] kvm: selftests: Introduce TEST_FAIL and convert"
Previous message: syzbot: "linux-next test error: WARNING: suspicious RCU usage in ovs_ct_exit"
In reply to: Jens Axboe: "Re: [PATCH 5.6] io_uring: NULL-deref for IOSQE_{ASYNC,DRAIN}"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/13/20 1:29 PM, Pavel Begunkov wrote:
> Processing links, io_submit_sqe() prepares requests, drops sqes, and
> passes them with sqe=NULL to io_queue_sqe(). There IOSQE_DRAIN and/or
> IOSQE_ASYNC requests will go through the same prep, which doesn't expect
> sqe=NULL and fail with NULL pointer deference.
>
> Always do full prepare including io_alloc_async_ctx() for linked
> requests, and then it can skip the second preparation.

Thanks, applied.

--
Jens Axboe

Next message: Paolo Bonzini: "Re: [PATCH v2 0/2] kvm: selftests: Introduce TEST_FAIL and convert"
Previous message: syzbot: "linux-next test error: WARNING: suspicious RCU usage in ovs_ct_exit"
In reply to: Jens Axboe: "Re: [PATCH 5.6] io_uring: NULL-deref for IOSQE_{ASYNC,DRAIN}"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]