qiurui
/
linux-kernelorg-stable
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux-kernelorg-stable/io_uring
History
Jens Axboe 98b6fa62c8 io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths 
Since the buffers are mapped from userspace, it is prudent to use
READ_ONCE() to read the value into a local variable, and use that for
any other actions taken. Having a stable read of the buffer length
avoids worrying about it changing after checking, or being read multiple
times.

Similarly, the buffer may well change in between it being picked and
being committed. Ensure the looping for incremental ring buffer commit
stops if it hits a zero sized buffer, as no further progress can be made
at that point.

Fixes: ae98dbf43d ("io_uring/kbuf: add support for incremental buffer consumption")
Link: https://lore.kernel.org/io-uring/tencent_000C02641F6250C856D0C26228DE29A3D30A@qq.com/
Reported-by: Qingyue Zhang <chunzhennn@qq.com>
Reported-by: Suoxing Zhang <aftern00n@qq.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
 		2025-08-28 05:48:34 -06:00
..
Kconfig
Makefile io_uring/mock: add basic infra for test mock files 2025-07-02 08:10:26 -06:00
advise.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
advise.h
alloc_cache.c
alloc_cache.h
cancel.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
cancel.h
cmd_net.c io_uring/netcmd: add tx timestamping cmd support 2025-06-23 09:00:12 -06:00
epoll.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
epoll.h
eventfd.c io_uring/eventfd: open code io_eventfd_grab() 2025-04-24 08:33:54 -06:00
eventfd.h io_uring/eventfd: dedup signalling helpers 2025-04-24 08:33:54 -06:00
fdinfo.c io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() 2025-06-10 11:20:04 -06:00
fdinfo.h
filetable.c
filetable.h
fs.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
fs.h
futex.c io_uring/futex: ensure io_futex_wait() cleans up properly on failure 2025-08-21 13:53:33 -06:00
futex.h
io-wq.c io_uring/io-wq: add check free worker before create new worker 2025-08-13 06:31:10 -06:00
io-wq.h
io_uring.c io_uring: clear ->async_data as part of normal init 2025-08-21 13:54:01 -06:00
io_uring.h io_uring: deduplicate wakeup handling 2025-07-15 12:20:06 -06:00
kbuf.c io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths 2025-08-28 05:48:34 -06:00
kbuf.h io_uring/kbuf: flag partial buffer mappings 2025-06-26 12:17:48 -06:00
memmap.c io_uring/memmap: cast nr_pages to size_t before shifting 2025-08-08 06:35:14 -06:00
memmap.h io_uring: update parameter name in io_pin_pages function declaration 2025-05-09 07:58:22 -06:00
mock_file.c io_uring/mock: add trivial poll handler 2025-07-02 08:10:26 -06:00
msg_ring.c io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU 2025-07-08 11:08:31 -06:00
msg_ring.h
napi.c
napi.h
net.c io_uring/net: commit partial buffers on retry 2025-08-12 13:41:26 -06:00
net.h
nop.c io_uring/nop: add IORING_NOP_TW completion flag 2025-06-23 08:59:13 -06:00
nop.h
notif.c io_uring: remove io_preinit_req() 2025-05-06 10:11:23 -06:00
notif.h
opdef.c Merge branch 'io_uring-6.16' into for-6.17/io_uring 2025-07-06 16:42:23 -06:00
opdef.h io_uring: add struct io_cold_def->sqe_copy() method 2025-06-23 08:59:13 -06:00
openclose.c fs/pipe: set FMODE_NOWAIT in create_pipe_files() 2025-06-10 13:16:19 +02:00
openclose.h
poll.c for-6.17/io_uring-20250728 2025-07-28 16:30:12 -07:00
poll.h io_uring/poll: introduce io_arm_apoll() 2025-06-23 09:00:12 -06:00
refs.h
register.c io_uring: consistently use rcu semantics with sqpoll thread 2025-06-12 08:17:09 -06:00
register.h
rsrc.c io_uring: export io_[un]account_mem 2025-07-16 16:23:28 -06:00
rsrc.h io_uring: export io_[un]account_mem 2025-07-16 16:23:28 -06:00
rw.c io_uring/rw: cast rw->flags assignment to rwf_t 2025-07-07 16:46:30 -06:00
rw.h
slist.h
splice.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
splice.h
sqpoll.c io_uring/sqpoll: don't put task_struct on tctx setup failure 2025-06-17 06:43:18 -06:00
sqpoll.h io_uring: consistently use rcu semantics with sqpoll thread 2025-06-12 08:17:09 -06:00
statx.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
statx.h
sync.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
sync.h
tctx.c
tctx.h
timeout.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
timeout.h io_uring/timeout: don't export link t-out disarm helper 2025-05-06 10:11:23 -06:00
truncate.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
truncate.h
uring_cmd.c io_uring/cmd: remove struct io_uring_cmd_data 2025-07-18 12:34:56 -06:00
uring_cmd.h io_uring/cmd: remove struct io_uring_cmd_data 2025-07-18 12:34:56 -06:00
waitid.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
waitid.h
xattr.c io_uring: finish IOU_OK -> IOU_COMPLETE transition 2025-05-21 08:41:16 -06:00
xattr.h
zcrx.c for-6.17/io_uring-20250728 2025-07-28 16:30:12 -07:00
zcrx.h io_uring/zcrx: account area memory 2025-07-16 16:23:28 -06:00