Re: [PATCH v4 2/5] io_uring/cmd: zero-init pdu in io_uring_cmd_prep() to avoid UB

From: Greg Kroah-Hartman

Date: Thu Apr 09 2026 - 01:28:01 EST


On Wed, Apr 08, 2026 at 01:59:59PM +0000, Sidong Yang wrote:
> The pdu field in io_uring_cmd may contain stale data when a request
> object is recycled from the slab cache. Accessing uninitialized or
> garbage memory can lead to undefined behavior in users of the pdu.

Who accesses this? If that happens, then yes this is a problem, but if
not, then there's no need for this change, right (i.e. either this is a
bug to be fixed now or not.)

> Ensure the pdu buffer is cleared during io_uring_cmd_prep() so that
> each command starts from a well-defined state. This avoids exposing
> uninitialized memory and prevents potential misinterpretation of data
> from previous requests.

Where is the memory exposed and who misinterprets it?

> No functional change is intended other than guaranteeing that pdu is
> always zero-initialized before use.

This strongly implies that this is not needed at all.

thanks,

greg k-h
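The thread turns on whether anything reads pdu before writing it. As an added example (not code from the patch, the kernel, or either participant), this userspace C model shows a recycled object handing the previous user's pdu bytes to a read-before-write consumer unless the prep step zeroes them. `model_cmd`, `cache_alloc`, `cache_free`, `model_prep` and the 32-byte size are hypothetical names and assumptions of the model.

```c
#include <stdio.h>
#include <string.h>
#define PDU_SIZE  32   /* assumed pdu size for this model */
#define POOL_SIZE 4
struct model_cmd {     /* hypothetical stand-in for a command object */
    int in_use;
    unsigned char pdu[PDU_SIZE];
};

static struct model_cmd pool[POOL_SIZE]; /* models an object cache */

static struct model_cmd *cache_alloc(void)
{
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}

/* Freed objects keep their bytes, as in a cache that does not scrub. */
static void cache_free(struct model_cmd *cmd) { cmd->in_use = 0; }

/* Prep step; zero_pdu != 0 models the zero-init the patch proposes. */
static void model_prep(struct model_cmd *cmd, int zero_pdu)
{
    if (zero_pdu) memset(cmd->pdu, 0, sizeof(cmd->pdu));
}

/* Nonzero pdu bytes seen by a consumer that reads before writing. */
static int stale_bytes_after_recycle(int zero_pdu)
{
    struct model_cmd *first = cache_alloc(), *second;
    int stale = 0;
    if (!first) return -1;
    model_prep(first, zero_pdu);
    memset(first->pdu, 0xA5, sizeof(first->pdu)); /* constructed private data */
    cache_free(first);
    second = cache_alloc();                        /* same slot is handed back */
    if (!second) return -1;
    model_prep(second, zero_pdu);
    for (int i = 0; i < PDU_SIZE; i++) stale += second->pdu[i] != 0;
    cache_free(second);
    return stale;
}

int main(void)
{
    printf("stale bytes: %d without zeroing, %d with zeroing\n",
           stale_bytes_after_recycle(0), stale_bytes_after_recycle(1));
    return 0;
}
```

A consumer that fills pdu before reading it sees no difference between the two modes, so the count only matters where a read-before-write path exists.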