* [PATCH] io_uring/net: fix uninitialised addr
@ 2022-08-25 10:11 Pavel Begunkov
2022-08-25 10:13 ` Pavel Begunkov
0 siblings, 1 reply; 4+ messages in thread
From: Pavel Begunkov @ 2022-08-25 10:11 UTC (permalink / raw)
To: io-uring; +Cc: Jens Axboe, asml.silence
Don't forget to initialise and set addr in io_sendzc(), so if it goes
async we can copy it.
Signed-off-by: Pavel Begunkov <[email protected]>
---
io_uring/net.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/io_uring/net.c b/io_uring/net.c
index 4eaeb805e720..0af8a02df580 100644
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -975,7 +975,7 @@ static int io_sg_from_iter(struct sock *sk, struct sk_buff *skb,
int io_sendzc(struct io_kiocb *req, unsigned int issue_flags)
{
- struct sockaddr_storage __address, *addr;
+ struct sockaddr_storage __address, *addr = NULL;
struct io_ring_ctx *ctx = req->ctx;
struct io_sendzc *zc = io_kiocb_to_cmd(req, struct io_sendzc);
struct io_notif_slot *notif_slot;
@@ -1012,12 +1012,13 @@ int io_sendzc(struct io_kiocb *req, unsigned int issue_flags)
if (req_has_async_data(req)) {
struct io_async_msghdr *io = req->async_data;
- msg.msg_name = &io->addr;
+ msg.msg_name = addr = &io->addr;
} else {
ret = move_addr_to_kernel(zc->addr, zc->addr_len, &__address);
if (unlikely(ret < 0))
return ret;
msg.msg_name = (struct sockaddr *)&__address;
+ addr = &__address;
}
msg.msg_namelen = zc->addr_len;
}
--
2.37.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] io_uring/net: fix uninitialised addr
2022-08-25 10:11 [PATCH] io_uring/net: fix uninitialised addr Pavel Begunkov
@ 2022-08-25 10:13 ` Pavel Begunkov
2022-08-25 13:52 ` Jens Axboe
0 siblings, 1 reply; 4+ messages in thread
From: Pavel Begunkov @ 2022-08-25 10:13 UTC (permalink / raw)
To: io-uring; +Cc: Jens Axboe
On 8/25/22 11:11, Pavel Begunkov wrote:
> Don't forget to initialise and set addr in io_sendzc(), so if it goes
> async we can copy it.
Jens, can you amend it into the last commit?
("io_uring/net: save address for sendzc async execution")
> Signed-off-by: Pavel Begunkov <[email protected]>
> ---
> io_uring/net.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/io_uring/net.c b/io_uring/net.c
> index 4eaeb805e720..0af8a02df580 100644
> --- a/io_uring/net.c
> +++ b/io_uring/net.c
> @@ -975,7 +975,7 @@ static int io_sg_from_iter(struct sock *sk, struct sk_buff *skb,
>
> int io_sendzc(struct io_kiocb *req, unsigned int issue_flags)
> {
> - struct sockaddr_storage __address, *addr;
> + struct sockaddr_storage __address, *addr = NULL;
> struct io_ring_ctx *ctx = req->ctx;
> struct io_sendzc *zc = io_kiocb_to_cmd(req, struct io_sendzc);
> struct io_notif_slot *notif_slot;
> @@ -1012,12 +1012,13 @@ int io_sendzc(struct io_kiocb *req, unsigned int issue_flags)
> if (req_has_async_data(req)) {
> struct io_async_msghdr *io = req->async_data;
>
> - msg.msg_name = &io->addr;
> + msg.msg_name = addr = &io->addr;
> } else {
> ret = move_addr_to_kernel(zc->addr, zc->addr_len, &__address);
> if (unlikely(ret < 0))
> return ret;
> msg.msg_name = (struct sockaddr *)&__address;
> + addr = &__address;
> }
> msg.msg_namelen = zc->addr_len;
> }
--
Pavel Begunkov
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] io_uring/net: fix uninitialised addr
2022-08-25 10:13 ` Pavel Begunkov
@ 2022-08-25 13:52 ` Jens Axboe
2022-08-25 15:37 ` Pavel Begunkov
0 siblings, 1 reply; 4+ messages in thread
From: Jens Axboe @ 2022-08-25 13:52 UTC (permalink / raw)
To: Pavel Begunkov, io-uring
On 8/25/22 4:13 AM, Pavel Begunkov wrote:
> On 8/25/22 11:11, Pavel Begunkov wrote:
>> Don't forget to initialise and set addr in io_sendzc(), so if it goes
>> async we can copy it.
>
> Jens, can you amend it into the last commit?
> ("io_uring/net: save address for sendzc async execution")
Yes, I'll amend it. But do we have a test case that hits this path?
Because it seems like that would've blown up immediately.
--
Jens Axboe
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] io_uring/net: fix uninitialised addr
2022-08-25 13:52 ` Jens Axboe
@ 2022-08-25 15:37 ` Pavel Begunkov
0 siblings, 0 replies; 4+ messages in thread
From: Pavel Begunkov @ 2022-08-25 15:37 UTC (permalink / raw)
To: Jens Axboe, io-uring
On 8/25/22 14:52, Jens Axboe wrote:
> On 8/25/22 4:13 AM, Pavel Begunkov wrote:
>> On 8/25/22 11:11, Pavel Begunkov wrote:
>>> Don't forget to initialise and set addr in io_sendzc(), so if it goes
>>> async we can copy it.
>>
>> Jens, can you amend it into the last commit?
>> ("io_uring/net: save address for sendzc async execution")
>
> Yes, I'll amend it. But do we have a test case that hits this path?
> Because it seems like that would've blown up immediately.
Apparently a test I have only hits io_sendzc_prep_async() callback
and the large buffer test doesn't trigger it. Hard to trigger it
with udp and addresses don't make sense with tcp.
--
Pavel Begunkov
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-08-25 15:38 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-25 10:11 [PATCH] io_uring/net: fix uninitialised addr Pavel Begunkov
2022-08-25 10:13 ` Pavel Begunkov
2022-08-25 13:52 ` Jens Axboe
2022-08-25 15:37 ` Pavel Begunkov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox