lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6213cf3d-b114-4c27-b9c5-6339b9f363aa@gmail.com>
Date: Wed, 12 Jun 2024 13:35:50 +0100
From: Pavel Begunkov <asml.silence@...il.com>
To: chase xd <sl1589472800@...il.com>, Jens Axboe <axboe@...nel.dk>,
 io-uring@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [io-uring] WARNING in io_fill_cqe_req_aux

On 6/12/24 08:10, chase xd wrote:
> Sorry now I'm also a bit confused by the branch choosing. I checked
> out branch "for-6.9/io_uring" and started testing on that branch. I
> assume that was the latest version of io_uring at that time, even now
> I check out that branch and the bug still exists. How should I know
> whether the branch will be merged, and which branch do you think I
> should test on? Thanks.

# git show a69d20885494:io_uring/io_uring.c | grep -A 13 io_fill_cqe_req_aux
bool io_fill_cqe_req_aux(struct io_kiocb *req, bool defer, s32 res, u32 cflags)
{
         struct io_ring_ctx *ctx = req->ctx;
         u64 user_data = req->cqe.user_data;

         if (!defer)
                 return __io_post_aux_cqe(ctx, user_data, res, cflags, false);

         lockdep_assert_held(&ctx->uring_lock);
         io_lockdep_assert_cq_locked(ctx);

         ctx->submit_state.flush_cqes = true;
         return io_fill_cqe_aux(ctx, user_data, res, cflags);
}

That's the buggy version from the hash you're testing, IIRC it
was in the tree for longer than necessary, presumably which is
why you found it, but it was never sent to Linus. Below is
current state of for-6.9 and what it was replaced with
respectively. Let me separately check for-6.9/io_uring if you're
concerned about it.




# git show for-6.9/io_uring:io_uring/io_uring.c | grep -A 30 io_fill_cqe_req_aux
bool io_fill_cqe_req_aux(struct io_kiocb *req, bool defer, s32 res, u32 cflags)
{
         struct io_ring_ctx *ctx = req->ctx;
         u64 user_data = req->cqe.user_data;
         struct io_uring_cqe *cqe;

         lockdep_assert(!io_wq_current_is_worker());

         if (!defer)
                 return __io_post_aux_cqe(ctx, user_data, res, cflags, false);

         lockdep_assert_held(&ctx->uring_lock);

         if (ctx->submit_state.cqes_count == ARRAY_SIZE(ctx->completion_cqes)) {
...

# git show origin/for-6.10/io_uring:io_uring/io_uring.c | grep -A 13 io_req_post_cqe
bool io_req_post_cqe(struct io_kiocb *req, s32 res, u32 cflags)
{
         struct io_ring_ctx *ctx = req->ctx;
         bool posted;

         lockdep_assert(!io_wq_current_is_worker());
         lockdep_assert_held(&ctx->uring_lock);

         __io_cq_lock(ctx);
         posted = io_fill_cqe_aux(ctx, req->cqe.user_data, res, cflags);
         ctx->submit_state.cq_flush = true;
         __io_cq_unlock_post(ctx);
         return posted;
}

-- 
Pavel Begunkov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ