| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Feb 2020 14:05:02 +0300
From: Pavel Begunkov <asml.silence@...il.com>
To: David Laight <David.Laight@...LAB.COM>,
Jens Axboe <axboe@...nel.dk>,
"io-uring@...r.kernel.org" <io-uring@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] io_uring: fix iovec leaks
On 2/11/2020 1:07 PM, David Laight wrote:
> From: Pavel Begunkov
>> Sent: 07 February 2020 19:05
>> Allocated iovec is freed only in io_{read,write,send,recv)(), and just
>> leaves it if an error occured. There are plenty of such cases:
>> - cancellation of non-head requests
>> - fail grabbing files in __io_queue_sqe()
>> - set REQ_F_NOWAIT and returning in __io_queue_sqe()
>> - etc.
>>
>> Add REQ_F_NEED_CLEANUP, which will force such requests with custom
>> allocated resourses go through cleanup handlers on put.
>
> This looks horribly fragile.
Well, not as horrible as it may appear -- set the flag, whenever you
want the corresponding destructor to be called, and clear it when is not
needed anymore.
I'd love to have something better, maybe even something more intrusive
for-next, but that shouldn't hurt the hot path. Any ideas?
> David
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
> Registration No: 1397386 (Wales)
>
--
Pavel Begunkov
Powered by blists - more mailing lists