| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aQAIR9DQwiySzEj-@kbusch-mbp>
Date: Mon, 27 Oct 2025 18:03:19 -0600
From: Keith Busch <kbusch@...nel.org>
To: Jens Axboe <axboe@...nel.dk>
Cc: syzbot <syzbot+10a9b495f54a17b607a6@...kaller.appspotmail.com>,
io-uring@...r.kernel.org, linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [io-uring?] INFO: task hung in io_uring_del_tctx_node
(5)
On Mon, Oct 27, 2025 at 05:15:56PM -0600, Jens Axboe wrote:
> >> leaves fdinfo open up to being broken. Before, we had:
> >>
> >> sq_entries = min(sq_tail - sq_head, ctx->sq_entries);
> >>
> >> as a cap for the loop, now you just have:
> >>
> >> while (sq_head < sq_tail) {
> >>
> >> which seems like a bad idea. It's also missing an sq_head increment if
> >> we hit this condition:
> >
> > This would have to mean the application did an invalid head ring-wrap,
> > right?
>
> Right, it's a malicious use case. But you always have to be able to deal
> with those, it's not like broken hardware in that sense.
>
> > Regardless, I messed up and the wrong thing will happen here in
> > that case as well as the one you mentioned.
>
> Yep I think so too, was more interested in your opinion on the patch :-)
Yeah, patch looks good. I plowed through this thinking the mixed CQE
showed the way, but didn't appreciate the subtle differences on the
submission side.
Powered by blists - more mailing lists