On 3/29/21 4:39 AM, Pavel Begunkov wrote:
> general protection fault, probably for non-canonical address
> 0xdffffc0000000018: 0000 [#1] KASAN: null-ptr-deref
> in range [0x00000000000000c0-0x00000000000000c7]
> RIP: 0010:io_commit_cqring+0x37f/0xc10 fs/io_uring.c:1318
> Call Trace:
>  io_kill_timeouts+0x2b5/0x320 fs/io_uring.c:8606
>  io_ring_ctx_wait_and_kill+0x1da/0x400 fs/io_uring.c:8629
>  io_uring_create fs/io_uring.c:9572 [inline]
>  io_uring_setup+0x10da/0x2ae0 fs/io_uring.c:9599
>  do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
>  entry_SYSCALL_64_after_hwframe+0x44/0xae
>
> It can get into wait_and_kill() before setting up ctx->rings, and hence
> io_commit_cqring() fails. Mimic poll cancel and do it only when we
> completed events, there can't be any requests if it failed before
> initialising rings.

Thanks, applied.

-- 
Jens Axboe
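
Added example, not part of the original thread or the kernel source: a simplified user-space C model of the teardown path described in the quoted commit message, with the unconditional commit beside the guarded one. All struct and function names are hypothetical, and the NULL dereference is modelled as a -1 return so the result can be checked instead of crashing.

```c
#include <stdlib.h>

/* Simplified user-space model; all names are hypothetical, not the kernel's. */
struct rings { unsigned cq_tail; };
struct timeout { struct timeout *next; };
struct ring_ctx {
    struct rings *rings;      /* stays NULL if setup fails early */
    struct timeout *timeouts; /* pending timeout requests */
    unsigned cached_cq_tail;  /* completions not yet published */
};

/* Publish completions; -1 stands in for the KASAN null-ptr-deref. */
int commit_cqring(struct ring_ctx *ctx) {
    if (ctx->rings == NULL) return -1;
    ctx->rings->cq_tail = ctx->cached_cq_tail;
    return 0;
}

/* Cancel every pending timeout; returns the number of completions produced. */
int cancel_all(struct ring_ctx *ctx) {
    int canceled = 0;
    for (; ctx->timeouts != NULL; canceled++) {
        struct timeout *t = ctx->timeouts;
        ctx->timeouts = t->next;
        free(t);
        ctx->cached_cq_tail++;
    }
    return canceled;
}

/* Before: always commits, so a ctx whose rings were never set up faults. */
int kill_timeouts_before(struct ring_ctx *ctx) {
    cancel_all(ctx);
    return commit_cqring(ctx);
}

/* After: commit only when events were completed. */
int kill_timeouts_after(struct ring_ctx *ctx) {
    return cancel_all(ctx) != 0 ? commit_cqring(ctx) : 0;
}

int main(void) {
    struct ring_ctx early = {0}; /* constructed: setup failed before rings existed */
    return (kill_timeouts_before(&early) == -1 && kill_timeouts_after(&early) == 0) ? 0 : 1;
}
```

The guard is safe only because of the invariant the commit message states: no request can be pending on a context whose rings were never initialised.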