[ upstream commit 8579538c89e33ce78be2feb41e07489c8cbf8f31 ]
IORING_SETUP_R_DISABLED rings don't have the submitter task set, so it's not always safe to use ->submitter_task. Disallow posting msg_ring messaged to disabled rings. Also add task NULL check for loosy sync around testing for IORING_SETUP_R_DISABLED.
Cc: stable@vger.kernel.org Fixes: 6d043ee1164ca ("io_uring: do msg_ring in target task via tw") Signed-off-by: Pavel Begunkov asml.silence@gmail.com Signed-off-by: Jens Axboe axboe@kernel.dk --- io_uring/msg_ring.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/io_uring/msg_ring.c b/io_uring/msg_ring.c index a49ccab262d5..7d5b544cfc30 100644 --- a/io_uring/msg_ring.c +++ b/io_uring/msg_ring.c @@ -30,6 +30,8 @@ static int io_msg_ring_data(struct io_kiocb *req)
if (msg->src_fd || msg->dst_fd || msg->flags) return -EINVAL; + if (target_ctx->flags & IORING_SETUP_R_DISABLED) + return -EBADFD;
if (io_post_aux_cqe(target_ctx, msg->user_data, msg->len, 0, true)) return 0; @@ -84,6 +86,8 @@ static int io_msg_send_fd(struct io_kiocb *req, unsigned int issue_flags)
if (target_ctx == ctx) return -EINVAL; + if (target_ctx->flags & IORING_SETUP_R_DISABLED) + return -EBADFD;
ret = io_double_lock_ctx(ctx, target_ctx, issue_flags); if (unlikely(ret))
On Mon, Jan 23, 2023 at 03:03:24PM +0000, Pavel Begunkov wrote:
[ upstream commit 8579538c89e33ce78be2feb41e07489c8cbf8f31 ]
IORING_SETUP_R_DISABLED rings don't have the submitter task set, so it's not always safe to use ->submitter_task. Disallow posting msg_ring messaged to disabled rings. Also add task NULL check for loosy sync around testing for IORING_SETUP_R_DISABLED.
Cc: stable@vger.kernel.org Fixes: 6d043ee1164ca ("io_uring: do msg_ring in target task via tw")
This commit is only in 6.2-rc1, so is it really relevant for this commit to go to 6.1?
thanks,
greg k-h
On 1/23/23 15:23, Greg KH wrote:
On Mon, Jan 23, 2023 at 03:03:24PM +0000, Pavel Begunkov wrote:
[ upstream commit 8579538c89e33ce78be2feb41e07489c8cbf8f31 ]
IORING_SETUP_R_DISABLED rings don't have the submitter task set, so it's not always safe to use ->submitter_task. Disallow posting msg_ring messaged to disabled rings. Also add task NULL check for loosy sync around testing for IORING_SETUP_R_DISABLED.
Cc: stable@vger.kernel.org Fixes: 6d043ee1164ca ("io_uring: do msg_ring in target task via tw")
This commit is only in 6.2-rc1, so is it really relevant for this commit to go to 6.1?
In short, yes.
The upstream commit fixes a bug in 6.2, that's the Fixes tag, but it also adjusts behaviour of the feature, which came in earlier kernels. My bad I didn't split the patch in two.
I also thought Jens added a second Fixes tag but it's not there.
Fixes: 4f57f06ce2186 ("io_uring: add support for IORING_OP_MSG_RING command")
On Mon, Jan 23, 2023 at 03:29:25PM +0000, Pavel Begunkov wrote:
On 1/23/23 15:23, Greg KH wrote:
On Mon, Jan 23, 2023 at 03:03:24PM +0000, Pavel Begunkov wrote:
[ upstream commit 8579538c89e33ce78be2feb41e07489c8cbf8f31 ]
IORING_SETUP_R_DISABLED rings don't have the submitter task set, so it's not always safe to use ->submitter_task. Disallow posting msg_ring messaged to disabled rings. Also add task NULL check for loosy sync around testing for IORING_SETUP_R_DISABLED.
Cc: stable@vger.kernel.org Fixes: 6d043ee1164ca ("io_uring: do msg_ring in target task via tw")
This commit is only in 6.2-rc1, so is it really relevant for this commit to go to 6.1?
In short, yes.
The upstream commit fixes a bug in 6.2, that's the Fixes tag, but it also adjusts behaviour of the feature, which came in earlier kernels. My bad I didn't split the patch in two.
I also thought Jens added a second Fixes tag but it's not there.
Fixes: 4f57f06ce2186 ("io_uring: add support for IORING_OP_MSG_RING command")
Great, now queued up, thanks!
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg KH -
Pavel Begunkov