Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-08 14:13:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
18d51547fe
linux-stable/io_uring
History
Pavel Begunkov 0c323430e4 io_uring: fix drain stalls by invalid SQE 
[ Upstream commit cfdbaa3a29 ]

cq_extra is protected by ->completion_lock, which io_get_sqe() misses.
The bug is harmless as it doesn't happen in real life, requires invalid
SQ index array and racing with submission, and only messes up the
userspace, i.e. stall requests execution but will be cleaned up on
ring destruction.

Fixes: 15641e4270 ("io_uring: don't cache number of dropped SQEs")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/66096d54651b1a60534bb2023f2947f09f50ef73.1691538547.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-13 09:42:43 +02:00
..
advise.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
advise.h io_uring: split out fadvise/madvise operations 2022-07-24 18:39:11 -06:00
alloc_cache.h io_uring: fix poll/netmsg alloc caches 2023-04-06 12:10:52 +02:00
cancel.c io_uring/cancel: re-grab ctx mutex after finishing wait 2023-01-12 12:02:38 +01:00
cancel.h io_uring: add sync cancelation API through io_uring_register() 2022-07-24 18:39:15 -06:00
epoll.c io_uring: undeprecate epoll_ctl support 2023-06-09 10:34:23 +02:00
epoll.h io_uring: move epoll handler to its own file 2022-07-24 18:39:11 -06:00
fdinfo.c io_uring/fdinfo: include locked hash table in fdinfo output 2023-01-18 11:58:15 +01:00
fdinfo.h io_uring: move fdinfo helpers to its own file 2022-07-24 18:39:12 -06:00
filetable.c io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get() 2023-03-30 12:49:25 +02:00
filetable.h io_uring: kill hot path fixed file bitmap debug checks 2022-10-16 17:07:53 -06:00
fs.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
fs.h io_uring: split out filesystem related operations 2022-07-24 18:39:11 -06:00
io_uring.c io_uring: fix drain stalls by invalid SQE 2023-09-13 09:42:43 +02:00
io_uring.h io_uring: mark task TASK_RUNNING before handling resume/task work 2023-03-10 09:34:07 +01:00
io-wq.c io_uring/io-wq: only free worker if it was allocated for creation 2023-01-18 11:58:33 +01:00
io-wq.h io_uring: move list helpers to a separate file 2022-07-24 18:39:15 -06:00
kbuf.c io_uring: fix memory leak when removing provided buffers 2023-04-13 16:55:31 +02:00
kbuf.h io_uring: allow buffer recycling in READV 2022-09-21 10:30:43 -06:00
Makefile io_uring: add zc notification infrastructure 2022-07-24 18:41:06 -06:00
msg_ring.c io_uring/msg_ring: fix missing lock on overflow for IOPOLL 2023-08-30 16:11:05 +02:00
msg_ring.h io_uring: get rid of double locking 2023-08-30 16:11:04 +02:00
net.c io_uring/net: use the correct msghdr union member in io_sendmsg_copy_hdr 2023-06-28 11:12:33 +02:00
net.h io_uring/net: zerocopy sendmsg 2022-09-21 13:15:02 -06:00
nop.c io_uring: kill extra io_uring_types.h includes 2022-07-24 18:39:14 -06:00
nop.h io_uring: move nop into its own file 2022-07-24 18:39:11 -06:00
notif.c io_uring/net: introduce IORING_SEND_ZC_REPORT_USAGE flag 2022-12-31 13:33:11 +01:00
notif.h io_uring/net: introduce IORING_SEND_ZC_REPORT_USAGE flag 2022-12-31 13:33:11 +01:00
opdef.c io_uring: get rid of double locking 2023-08-30 16:11:04 +02:00
opdef.h io_uring: dont remove file from msg_ring reqs 2022-12-31 13:33:12 +01:00
openclose.c io_uring: correct check for O_TMPFILE 2023-08-16 18:27:24 +02:00
openclose.h io_uring: split out fixed file installation and removal 2022-07-24 18:39:16 -06:00
poll.c io_uring/poll: serialize poll linked timer start with poll removal 2023-06-28 11:12:27 +02:00
poll.h io_uring/poll: allow some retries for poll triggering spuriously 2023-03-11 13:55:43 +01:00
refs.h io_uring: make io_uring_types.h public 2022-07-24 18:39:14 -06:00
rsrc.c io_uring/rsrc: use nospec'ed indexes 2023-05-11 23:03:24 +09:00
rsrc.h io_uring/rsrc: fix rogue rsrc node grabbing 2023-04-06 12:10:51 +02:00
rw.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
rw.h io_uring/rw: don't lose partial IO result on fail 2022-09-21 13:15:02 -06:00
slist.h io_uring: move list helpers to a separate file 2022-07-24 18:39:15 -06:00
splice.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
splice.h io_uring: split out splice related operations 2022-07-24 18:39:11 -06:00
sqpoll.c io_uring: unlock sqd->lock before sq thread release CPU 2023-06-21 16:00:53 +02:00
sqpoll.h io_uring: move SQPOLL related handling into its own file 2022-07-24 18:39:12 -06:00
statx.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
statx.h io_uring: move statx handling to its own file 2022-07-24 18:39:11 -06:00
sync.c io_uring: make io_kiocb_to_cmd() typesafe 2022-08-12 17:01:00 -06:00
sync.h io_uring: split out fs related sync/fallocate functions 2022-07-24 18:39:11 -06:00
tctx.c io_uring: remove io_register_submitter 2022-10-07 12:25:30 -06:00
tctx.h io_uring: simplify __io_uring_add_tctx_node 2022-10-07 12:25:30 -06:00
timeout.c io_uring: annotate offset timeout races 2023-08-11 12:08:24 +02:00
timeout.h io_uring: remove unused return from io_disarm_next 2022-09-21 13:15:01 -06:00
uring_cmd.c block/io_uring: pass in issue_flags for uring_cmd task_work handling 2023-04-06 12:10:51 +02:00
uring_cmd.h io_uring: move uring_cmd handling to its own file 2022-07-24 18:39:11 -06:00
xattr.c __io_setxattr(): constify path 2022-09-01 17:39:05 -04:00
xattr.h io_uring: move xattr related opcodes to its own file 2022-07-24 18:39:11 -06:00