Re: [PATCH] io_uring: Enable KASAN for request cache

From: Jens Axboe
Date: Fri Jan 20 2023 - 10:39:27 EST

Next message: Elliott, Robert (Servers): "RE: [PATCH 1/2] virtio-rng: implement entropy leak feature"
Previous message: Liviu Dudau: "Re: [PATCH v3 3/3] drm: Convert users of drm_of_component_match_add to component_match_add_of"
In reply to: Pavel Begunkov: "Re: [PATCH] io_uring: Enable KASAN for request cache"
Next in thread: Jens Axboe: "Re: [PATCH] io_uring: Enable KASAN for request cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/20/23 8:09 AM, Pavel Begunkov wrote:
> On 1/18/23 15:56, Breno Leitao wrote:
>> Every io_uring request is represented by struct io_kiocb, which is
>> cached locally by io_uring (not SLAB/SLUB) in the list called
>> submit_state.freelist. This patch simply enabled KASAN for this free
>> list.
>>
>> This list is initially created by KMEM_CACHE, but later, managed by
>> io_uring. This patch basically poisons the objects that are not used
>> (i.e., they are the free list), and unpoisons it when the object is
>> allocated/removed from the list.
>>
>> Touching these poisoned objects while in the freelist will cause a KASAN
>> warning.
>
> Doesn't apply cleanly to for-6.3/io_uring, but otherwise looks good
>
> Reviewed-by: Pavel Begunkov <asml.silence@xxxxxxxxx>

I ran testing on this yesterday and noticed the same thing, just a
trivial fuzz reject. I can fix it up while applying. Thanks for
reviewing!

--
Jens Axboe

Next message: Elliott, Robert (Servers): "RE: [PATCH 1/2] virtio-rng: implement entropy leak feature"
Previous message: Liviu Dudau: "Re: [PATCH v3 3/3] drm: Convert users of drm_of_component_match_add to component_match_add_of"
In reply to: Pavel Begunkov: "Re: [PATCH] io_uring: Enable KASAN for request cache"
Next in thread: Jens Axboe: "Re: [PATCH] io_uring: Enable KASAN for request cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]