On 1/20/23 8:09 AM, Pavel Begunkov wrote:
> On 1/18/23 15:56, Breno Leitao wrote:
>> Every io_uring request is represented by struct io_kiocb, which is
>> cached locally by io_uring (not SLAB/SLUB) in the list called
>> submit_state.freelist. This patch simply enabled KASAN for this free
>> list.
>>
>> This list is initially created by KMEM_CACHE, but later, managed by
>> io_uring. This patch basically poisons the objects that are not used
>> (i.e., they are the free list), and unpoisons it when the object is
>> allocated/removed from the list.
>>
>> Touching these poisoned objects while in the freelist will cause a KASAN
>> warning.
>
> Doesn't apply cleanly to for-6.3/io_uring, but otherwise looks good
>
> Reviewed-by: Pavel Begunkov <asml.silence@xxxxxxxxx>

I ran testing on this yesterday and noticed the same thing, just a
trivial fuzz reject. I can fix it up while applying. Thanks for
reviewing!

--
Jens Axboe
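
Added example, not part of the thread or of the patch: a userspace analogue of the scheme the quoted commit message describes, using AddressSanitizer's manual poisoning macros in place of the kernel's KASAN calls. `struct req`, `freelist`, `req_alloc`, `req_free` and the other names are hypothetical stand-ins; build with `-fsanitize=address` to get reports, since without it the poisoning compiles away.

```c
#include <stdio.h>
#include <stdlib.h>
#ifndef __has_feature
#define __has_feature(x) 0
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
#include <sanitizer/asan_interface.h>
#define POISON_STATE(p) (__asan_address_is_poisoned(p) ? 1 : 0)
#else /* built without ASan: poisoning compiles away */
#define ASAN_POISON_MEMORY_REGION(p, n)   ((void)(p), (void)(n))
#define ASAN_UNPOISON_MEMORY_REGION(p, n) ((void)(p), (void)(n))
#define POISON_STATE(p) ((void)(p), -1)
#endif

struct req { struct req *next; char data[56]; }; /* hypothetical stand-in for io_kiocb */
static struct req *freelist; /* hypothetical stand-in for submit_state.freelist */
static size_t cached;        /* number of objects parked on the list */

/* Reuse a cached object, unpoisoning it before the first access to it. */
struct req *req_alloc(void) {
    struct req *r = freelist;
    if (!r)
        return calloc(1, sizeof(*r)); /* list empty: ask the real allocator */
    ASAN_UNPOISON_MEMORY_REGION(r, sizeof(*r));
    freelist = r->next;
    cached--;
    return r;
}

/* Park an object on the private list, then poison it so stale users trap. */
void req_free(struct req *r) {
    r->next = freelist;
    freelist = r;
    cached++;
    ASAN_POISON_MEMORY_REGION(r, sizeof(*r));
}

/* 1 = poisoned, 0 = accessible, -1 = built without ASan. */
int req_poison_state(const struct req *r) { return POISON_STATE(r); }
/* Return every cached object to the real allocator. */
void req_drain(void) { while (freelist) free(req_alloc()); }

int main(void) {
    struct req *r = req_alloc();
    if (!r) return 1;
    req_free(r); /* from here, r->data[0] = 1 is an ASan use-after-poison report */
    printf("cached=%zu poison_state=%d\n", cached, req_poison_state(r));
    req_drain();
}
```

The link pointer lives inside the poisoned object, so the list code unpoisons the head before reading `next`; any other access to a parked object is what the sanitizer reports.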