Hi,
Thanks. I'm also analyzing the root cause of this bug.
By the way, can I apply for a CVE? And should I submit a request to
some official organizations, such as Openwall, etc?
Regards,
Yang
Pavel Begunkov <asml.silence@xxxxxxxxx> 于2023年5月22日周一 08:45写道:
>
> On 5/20/23 10:38, yang lan wrote:
> > Hi,
> >
> > Thanks for your response.
> >
> > But I applied this patch to LTS kernel 5.10.180, it can still trigger this bug.
> >
> > --- io_uring/io_uring.c.back 2023-05-20 17:11:25.870550438 +0800
> > +++ io_uring/io_uring.c 2023-05-20 16:35:24.265846283 +0800
> > @@ -1970,7 +1970,7 @@
> > static struct io_kiocb *io_alloc_req(struct io_ring_ctx *ctx)
> > __must_hold(&ctx->uring_lock)
> > {
> > struct io_submit_state *state = &ctx->submit_state;
> > - gfp_t gfp = GFP_KERNEL | __GFP_NOWARN;
> > + gfp_t gfp = GFP_KERNEL | __GFP_NOWARN | __GFP_NORETRY;
> > int ret, i;
> >
> > BUILD_BUG_ON(ARRAY_SIZE(state->reqs) < IO_REQ_ALLOC_BATCH);
> >
> > The io_uring.c.back is the original file.
> > Do I apply this patch wrong?
>
> The patch looks fine. I run a self-written test before
> sending with 6.4, worked as expected. I need to run the syz
> test, maybe it shifted to another spot, e.g. in provided
> buffers.
>
> --
> Pavel Begunkov
