lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CADUfDZqZ794CXKPeXnJ3oX3MrKPg6VtgQATLOTmrMv5wEhucRA@mail.gmail.com>
Date: Sat, 1 Mar 2025 10:26:32 -0800
From: Caleb Sander Mateos <csander@...estorage.com>
To: Jens Axboe <axboe@...nel.dk>
Cc: Pavel Begunkov <asml.silence@...il.com>, io-uring@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/5] io_uring/rsrc: call io_free_node() on
 io_sqe_buffer_register() failure

On Fri, Feb 28, 2025 at 6:23 PM Jens Axboe <axboe@...nel.dk> wrote:
>
> On 2/28/25 6:31 PM, Pavel Begunkov wrote:
> > On 2/28/25 23:59, Caleb Sander Mateos wrote:
> >> io_sqe_buffer_register() currently calls io_put_rsrc_node() if it fails
> >> to fully set up the io_rsrc_node. io_put_rsrc_node() is more involved
> >> than necessary, since we already know the reference count will reach 0
> >> and no io_mapped_ubuf has been attached to the node yet.
> >>
> >> So just call io_free_node() to release the node's memory. This also
> >> avoids the need to temporarily set the node's buf pointer to NULL.
> >>
> >> Signed-off-by: Caleb Sander Mateos <csander@...estorage.com>
> >> ---
> >>   io_uring/rsrc.c | 3 +--
> >>   1 file changed, 1 insertion(+), 2 deletions(-)
> >>
> >> diff --git a/io_uring/rsrc.c b/io_uring/rsrc.c
> >> index 748a09cfaeaa..398c6f427bcc 100644
> >> --- a/io_uring/rsrc.c
> >> +++ b/io_uring/rsrc.c
> >> @@ -780,11 +780,10 @@ static struct io_rsrc_node *io_sqe_buffer_register(struct io_ring_ctx *ctx,
> >>           return NULL;
> >>         node = io_rsrc_node_alloc(ctx, IORING_RSRC_BUFFER);
> >>       if (!node)
> >>           return ERR_PTR(-ENOMEM);
> >> -    node->buf = NULL;
> >
> > It's better to have it zeroed than set to a freed / invalid
> > value, it's a slow path.
>
> Agree, let's leave the clear, I don't like passing uninitialized memory
> around.

io_rsrc_node_alloc() actually does already zero all of io_rsrc_node's
fields (file_ptr is in a union with buf):

struct io_rsrc_node *io_rsrc_node_alloc(struct io_ring_ctx *ctx, int type)
{
        struct io_rsrc_node *node;

        node = io_cache_alloc(&ctx->node_cache, GFP_KERNEL);
        if (node) {
                node->type = type;
                node->refs = 1;
                node->tag = 0;
                node->file_ptr = 0;
        }
        return node;
}

How about I remove the redundant node->buf = NULL; in a separate
patch, since it's not dependent on switching the error path to
io_free_node()?

Thanks,
Caleb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ