public inbox for io-uring@vger.kernel.org
* [PATCH 1/1] io_uring/zctx: check chained notif contexts
@ 2025-08-14 14:40 Pavel Begunkov
  2025-08-20 19:03 ` Pavel Begunkov
  2025-08-20 19:05 ` Jens Axboe
  0 siblings, 2 replies; 3+ messages in thread
From: Pavel Begunkov @ 2025-08-14 14:40 UTC
  To: io-uring; +Cc: asml.silence

Send zc only links ubuf_info for requests coming from the same context.
There are some ambiguous syz reports, so let's check the assumption on
notification completion.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
---
 io_uring/notif.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/io_uring/notif.c b/io_uring/notif.c
index 9a6f6e92d742..8c92e9cde2c6 100644
--- a/io_uring/notif.c
+++ b/io_uring/notif.c
@@ -14,10 +14,15 @@ static const struct ubuf_info_ops io_ubuf_ops;
 static void io_notif_tw_complete(struct io_kiocb *notif, io_tw_token_t tw)
 {
 	struct io_notif_data *nd = io_notif_to_data(notif);
+	struct io_ring_ctx *ctx = notif->ctx;
+
+	lockdep_assert_held(&ctx->uring_lock);
 
 	do {
 		notif = cmd_to_io_kiocb(nd);
 
+		if (WARN_ON_ONCE(ctx != notif->ctx))
+			return;
 		lockdep_assert(refcount_read(&nd->uarg.refcnt) == 0);
 
 		if (unlikely(nd->zc_report) && (nd->zc_copied || !nd->zc_used))
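Review bot: the `return` under `WARN_ON_ONCE(ctx != notif->ctx)` exits from inside the `do` loop, so when the check fires, the mismatching notification and the rest of the chain the loop would have walked are never processed by this function. If leaving them uncompleted is the intended trade-off over completing a request against the wrong ring context, a short comment above the check saying so would help; without one, the bare `return` reads like an oversight rather than a deliberate bail-out.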
-- 
2.49.0



* Re: [PATCH 1/1] io_uring/zctx: check chained notif contexts
  2025-08-14 14:40 [PATCH 1/1] io_uring/zctx: check chained notif contexts Pavel Begunkov
@ 2025-08-20 19:03 ` Pavel Begunkov
  2025-08-20 19:05 ` Jens Axboe
  1 sibling, 0 replies; 3+ messages in thread
From: Pavel Begunkov @ 2025-08-20 19:03 UTC
  To: Pavel Begunkov, io-uring

On 8/14/25 15:40, Pavel Begunkov wrote:
> Send zc only links ubuf_info for requests coming from the same context.
> There are some ambiguous syz reports, so let's check the assumption on
> notification completion.

This one would be great to have to hopefully start tackling
the syzbot report.


> Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
> ---
>   io_uring/notif.c | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/io_uring/notif.c b/io_uring/notif.c
> index 9a6f6e92d742..8c92e9cde2c6 100644
> --- a/io_uring/notif.c
> +++ b/io_uring/notif.c
> @@ -14,10 +14,15 @@ static const struct ubuf_info_ops io_ubuf_ops;
>   static void io_notif_tw_complete(struct io_kiocb *notif, io_tw_token_t tw)
>   {
>   	struct io_notif_data *nd = io_notif_to_data(notif);
> +	struct io_ring_ctx *ctx = notif->ctx;
> +
> +	lockdep_assert_held(&ctx->uring_lock);
>   
>   	do {
>   		notif = cmd_to_io_kiocb(nd);
>   
> +		if (WARN_ON_ONCE(ctx != notif->ctx))
> +			return;
>   		lockdep_assert(refcount_read(&nd->uarg.refcnt) == 0);
>   
>   		if (unlikely(nd->zc_report) && (nd->zc_copied || !nd->zc_used))
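Review bot: `lockdep_assert_held(&ctx->uring_lock)` at the top of the function is a second new assertion that the commit message does not mention; the message only describes checking the same-context assumption. A sentence on why `uring_lock` is expected to be held in this task-work path would document it. Note also that `ctx` is read from the head notif before the loop, so the lock assertion covers that one context only and says nothing about the others in the chain until the `ctx != notif->ctx` check has passed for each of them.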

-- 
Pavel Begunkov



* Re: [PATCH 1/1] io_uring/zctx: check chained notif contexts
  2025-08-14 14:40 [PATCH 1/1] io_uring/zctx: check chained notif contexts Pavel Begunkov
  2025-08-20 19:03 ` Pavel Begunkov
@ 2025-08-20 19:05 ` Jens Axboe
  1 sibling, 0 replies; 3+ messages in thread
From: Jens Axboe @ 2025-08-20 19:05 UTC
  To: io-uring, Pavel Begunkov


On Thu, 14 Aug 2025 15:40:57 +0100, Pavel Begunkov wrote:
> Send zc only links ubuf_info for requests coming from the same context.
> There are some ambiguous syz reports, so let's check the assumption on
> notification completion.
> 
> 

Applied, thanks!

[1/1] io_uring/zctx: check chained notif contexts
      commit: aad1370a6125e1f676c18aabc2e819348e65c25a

Best regards,
-- 
Jens Axboe



