| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADUfDZrdhNzoEjHCcFrLUQ00Lj2xkwLiSdq4ky737LVQzzVaDg@mail.gmail.com>
Date: Mon, 15 Dec 2025 08:29:45 -0800
From: Caleb Sander Mateos <csander@...estorage.com>
To: Joanne Koong <joannelkoong@...il.com>
Cc: Jens Axboe <axboe@...nel.dk>, io-uring@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 1/5] io_uring: use release-acquire ordering for IORING_SETUP_R_DISABLED
On Mon, Dec 15, 2025 at 3:31 AM Joanne Koong <joannelkoong@...il.com> wrote:
>
> On Wed, Dec 3, 2025 at 12:41 AM Caleb Sander Mateos
> <csander@...estorage.com> wrote:
> >
> > io_uring_enter() and io_msg_ring() read ctx->flags and
> > ctx->submitter_task without holding the ctx's uring_lock. This means
> > they may race with the assignment to ctx->submitter_task and the
> > clearing of IORING_SETUP_R_DISABLED from ctx->flags in
> > io_register_enable_rings(). Ensure the correct ordering of the
> > ctx->flags and ctx->submitter_task memory accesses by storing to
> > ctx->flags using release ordering and loading it using acquire ordering.
> >
> > Signed-off-by: Caleb Sander Mateos <csander@...estorage.com>
> > Fixes: 7e84e1c7566a ("io_uring: allow disabling rings during the creation")
>
> This LGTM. But should the fixes be commit 7cae596bc31f ("io_uring:
> register single issuer task at creation")? AFAICT, that's the commit
> that introduces the ctx->submitter_task assignment in
> io_register_enable_rings() that causes the memory reordering issue
> with the unlocked read in io_uring_add_tctx_node(). I don't see this
> issue in 7e84e1c7566a.
Yes, that looks correct to me. Thanks for taking a look.
--Caleb
Powered by blists - more mailing lists