[BUG] io_uring: defer logic based on shared data
From: Pavel Begunkov
Date: Fri Oct 25 2019 - 05:55:37 EST
I found 2 problems with __io_sequence_defer().

1. It uses @sq_dropped, but doesn't consider @cq_overflow.
2. @sq_dropped and @cq_overflow are write-shared with userspace, so
   they can be maliciously changed.

See the sent liburing test (test/defer *_hung()), which left an unkillable
process for me.
--
Yours sincerely,
Pavel Begunkov
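
Added example (not part of the original message, and not kernel code): a simplified user-space C model of the two problems reported above, next to a check that uses only private counters. It assumes the defer check compares a request's sequence number against completions plus the shared drop counter; all struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model; every name here is hypothetical, not kernel code. */
struct shared_rings {             /* stands in for ring memory userspace can write */
    uint32_t sq_dropped, cq_overflow;
};
struct ring_ctx {
    struct shared_rings *rings;   /* untrusted: published for userspace to read */
    uint32_t cq_tail;             /* private: completions posted */
    uint32_t sq_dropped;          /* private copy of the drop count */
    uint32_t cq_overflow;         /* private copy of the overflow count */
};

/* Assumed shape of the reported check: reads the shared counter, ignores overflow. */
static bool defer_shared(const struct ring_ctx *c, uint32_t seq)
{
    return seq != c->cq_tail + c->rings->sq_dropped;
}

/* Hardened check: private counters only, with overflowed completions included. */
static bool defer_private(const struct ring_ctx *c, uint32_t seq)
{
    return seq != c->cq_tail + c->sq_dropped + c->cq_overflow;
}

/* Model three earlier submissions, then ask whether request #3 is still deferred. */
static bool still_deferred(bool hardened, bool tampered, bool overflowed)
{
    struct shared_rings shared = {0, 0};
    struct ring_ctx c = { .rings = &shared };

    c.cq_tail++;                                  /* first one completes */
    shared.sq_dropped = ++c.sq_dropped;           /* second one is dropped */
    if (overflowed)
        shared.cq_overflow = ++c.cq_overflow;     /* third: completion overflows */
    else
        c.cq_tail++;                              /* third: completes normally */
    if (tampered)
        shared.sq_dropped += 1000;                /* constructed: userspace rewrites it */
    return hardened ? defer_private(&c, 3) : defer_shared(&c, 3);
}

int main(void)
{
    printf("shared,  clean:     %d\n", still_deferred(false, false, false));
    printf("shared,  overflow:  %d\n", still_deferred(false, false, true));
    printf("shared,  tampered:  %d\n", still_deferred(false, true, false));
    printf("private, tampered:  %d\n", still_deferred(true, true, true));
    return 0;
}
```

In this model the shared-counter check leaves the request deferred in both the overflow case and the tampered case, while the private-counter check releases it in every case because nothing userspace writes feeds the decision.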