On 2/13/25 9:39 AM, Caleb Sander Mateos wrote:
> On Thu, Feb 13, 2025 at 8:30 AM Jens Axboe <axboe@xxxxxxxxx> wrote:
>>
>> This isn't generally necessary, but conditions have been observed where
>> SQE data is accessed from the original SQE after prep has been done and
>> outside of the initial issue. Opcode prep handlers must ensure that any
>> SQE related data is stable beyond the prep phase, but uring_cmd is a bit
>> special in how it handles the SQE which makes it susceptible to reading
>> stale data. If the application has reused the SQE before the original
>> completes, then that can lead to data corruption.
>>
>> Down the line we can relax this again once uring_cmd has been sanitized
>> a bit, and avoid unnecessarily copying the SQE.
>>
>> Reported-by: Caleb Sander Mateos <csander@xxxxxxxxxxxxxxx>
>> Reviewed-by: Caleb Sander Mateos <csander@xxxxxxxxxxxxxxx>
>> Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
>>
>> ---
>>
>> V2:
>> - Pass in SQE for copy, and drop helper for copy
>
> v2 looks good to me. You might add "Fixes: 5eff57fa9f3a", since we
> know it fixes the potential SQE corruption in the link and drain
> cases.

Sure, I'll add that, reduces the risk of it being missed for stable.

-- 
Jens Axboe
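The stale-SQE hazard described in the quoted commit message, as an added example that is not part of this thread or of the kernel patch: a simplified user-space model in C of a request whose issue is deferred past prep (as in the link and drain cases) while the application reuses the ring slot. All struct and function names are hypothetical and the SQE layout is reduced to two fields.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, reduced stand-in for one SQE slot in the shared submission ring. */
struct model_sqe {
    uint8_t opcode;
    uint8_t cmd[16];               /* command payload carried inline in the SQE */
};

/* Hypothetical request: reads through 'sqe', which is borrowed or points at 'copy'. */
struct model_req {
    const struct model_sqe *sqe;
    struct model_sqe copy;         /* stable storage owned by the request */
};

/* Prep that only borrows the ring slot: safe only if issue precedes slot reuse. */
static void prep_borrow(struct model_req *req, const struct model_sqe *slot)
{
    req->sqe = slot;
}

/* Prep that copies the SQE, so later reads no longer depend on the ring slot. */
static void prep_copy(struct model_req *req, const struct model_sqe *slot)
{
    memcpy(&req->copy, slot, sizeof(*slot));
    req->sqe = &req->copy;
}

/* Prep, then the application reuses the slot, then the deferred issue reads cmd[0]. */
static uint8_t run_scenario(int copy_at_prep)
{
    struct model_sqe slot = { .opcode = 1, .cmd = { 0xAA } };  /* constructed sample */
    struct model_req req;

    if (copy_at_prep)
        prep_copy(&req, &slot);
    else
        prep_borrow(&req, &slot);

    memset(&slot, 0, sizeof(slot)); /* application fills the slot for its next submission */
    slot.opcode = 2;
    slot.cmd[0] = 0x55;

    return req.sqe->cmd[0];         /* what the deferred issue path sees */
}

int main(void)
{
    printf("borrowed: 0x%02X, copied: 0x%02X\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

The borrowed case returns the second submission's payload byte, which is the data corruption the commit message warns about; the copied case returns the byte that was present at prep time.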