Re: [syzbot] [io-uring?] KASAN: null-ptr-deref Write in sys_io_uring_register
From: Jens Axboe
Date: Wed Dec 04 2024 - 15:35:05 EST
On 12/4/24 11:39 AM, Tamir Duberstein wrote:
> On Wed, Dec 4, 2024 at 11:30 AM Tamir Duberstein <tamird@xxxxxxxxx> wrote:
>>
>> On Wed, Dec 4, 2024 at 11:25 AM Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
>>>
>>> On Wed, Dec 04, 2024 at 09:17:27AM -0700, Jens Axboe wrote:
>>>>> XA_STATE(xas, xa, index);
>>>>> - return xas_result(&xas, xas_store(&xas, NULL));
>>>>> + return xas_result(&xas, xa_zero_to_null(xas_store(&xas, NULL)));
>>>>> }
>>>>> EXPORT_SYMBOL(__xa_erase);
>>>>>
>>>>> This would explain deletion of a reserved entry returning
>>>>> `XA_ZERO_ENTRY` rather than `NULL`.
>>>>
>>>> Yep this works.
>>>>
>>>>> My apologies for this breakage. Should I send a new version? A new
>>>>> "fixes" patch?
>>>>
>>>> Since it seems quite drastically broken, and since it looks like Andrew
>>>> is holding it, seems like the best course of action would be to have it
>>>> folded with the existing patch.
>
> Is there anything I can do to help with this?
I think Andrew will just fold it in once he sees this thread - but if you
want to be sure, I'd send it out separately with a note below the '---'
line asking him to fold it with the problematic patch.
--
Jens Axboe