superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

io_uring/query: prevent infinite loops 

If the query chain forms a cycle, the interface will loop indefinitely.
Make sure it handles fatal signals, so the user can kill the process and
hence break out of the infinite loop.

Fixes: c265ae75f9 ("io_uring: introduce io_uring querying")
Reported-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
pull/1354/merge
Pavel Begunkov 2025-09-19 12:11:56 +01:00 committed by Jens Axboe
parent 31bf77dcc3
commit 2408d17832
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
io_uring/query.c
View File

@ -88,6 +88,10 @@ int io_query(struct io_ring_ctx *ctx, void __user *arg, unsigned nr_args)
if (ret) if (ret)
return ret; return ret;
uhdr = u64_to_user_ptr(next_hdr); uhdr = u64_to_user_ptr(next_hdr);
if (fatal_signal_pending(current))
return -EINTR;
cond_resched();
} }
return 0; return 0;
} }