Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp2026568rwe; Fri, 2 Sep 2022 07:31:51 -0700 (PDT) X-Google-Smtp-Source: AA6agR4RZ1z4xsfHAxa9lu3FRidCghJQYe69TG/J2DzrE5wBV5aKyVDRpdvoE3GyJ/XSS7GGEOEi X-Received: by 2002:a17:902:f790:b0:170:d401:66d2 with SMTP id q16-20020a170902f79000b00170d40166d2mr35864849pln.124.1662129111598; Fri, 02 Sep 2022 07:31:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662129111; cv=none; d=google.com; s=arc-20160816; b=IhLt7guJ3En+8KQ8Hc6VQ11YXK49dVbjSDFbLqX+q3TpQt+r6QEhTGoCyf4vMw78Iu 6m7xcbn2Q2/WjRUoC9848Y//i3ZHj7G/0ooFED8QJ9xL+ksBoFUQly2Iw4jlUSc0YjAb OcHPAeVmP9IC/hFN7t/P3ptUb80a8dGtOWLz9sXRoWtYP1SyQ0loyAO3l0INrZEqjQqQ ar+OgoOkOPWSMf9qXzKl8y7wGRnmeQvfK1dezasiX+6wxpmmKBk9OiJlzCnkL0V6nndh yY3a3tHxcsJfaVEnQVbWVSnmok1LU4VcDlU2SZjulD75MRuamGRX/tF8kjF1AtPFSEJf 7xNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=PSVDkkNdfLEayAmr93mUr4zzbb1o7jdSQsmGkoGzFZo=; b=EOTxh51SOYqoFjXoj5MO317fVL0iCsGBjvYqpk8Q3gXW3vA+hDtRrE2NmmL+7eXL/k XNnpxc19HXR2VzE7JTm78llacA6M30YoJGO5ebkJi/wT/Zw/pQbtaPCDD/+rbk8/DxfY gqaMtlV7HwsXu8YwZjg+uwq1Bj/bT31OKS4ivJY0xGoguPm054hveRKNd7qaUdu6ANmT tsjBNXvDH5ofKhDw5LhYFNmVJRsRAcFZnUSUcSXeSanEZHl+u9zvRPHD5hP20Y9OYT5K +0zq87tqXY6bTRFLj6xu91yXQEg3bQsFSCNpO4Te+gJdAP7xhmNsXdrNP3ELtlZhE9pt tinQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=xD5hvNG0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l190-20020a6388c7000000b0041e2cc84562si1991984pgd.577.2022.09.02.07.31.36; Fri, 02 Sep 2022 07:31:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=xD5hvNG0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238616AbiIBNG2 (ORCPT + 99 others); Fri, 2 Sep 2022 09:06:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38462 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238580AbiIBNGB (ORCPT ); Fri, 2 Sep 2022 09:06:01 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8C7EBEA8AD; Fri, 2 Sep 2022 05:43:42 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 085A862194; Fri, 2 Sep 2022 12:31:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F1B37C433D6; Fri, 2 Sep 2022 12:31:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1662121892; bh=exs1M14G2hFHIOYMQ8AYApY+iIFCvLSFnU0OjU75pHQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=xD5hvNG0pn5RpVX/G8wsHM8LOHvXZ5dMcEWmxQUiK4zHfjK2R9inNbdA3DrQYaRDh +NEK2E66o24zNDCXCSqgG5eGYzWkXtlKh0TeTlER/TObxU608iOQ2TuTjt5BZlnyZj bJ71LFazFacGTIMFnGJoGVueb8qrQ1om66YrUnbI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Jens Axboe , Pavel Begunkov Subject: [PATCH 5.15 20/73] io_uring: bump poll refs to full 31-bits Date: Fri, 2 Sep 2022 14:18:44 +0200 Message-Id: <20220902121405.123856088@linuxfoundation.org> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220902121404.435662285@linuxfoundation.org> References: <20220902121404.435662285@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jens Axboe [ upstream commmit e2c0cb7c0cc72939b61a7efee376206725796625 ] The previous commit: 1bc84c40088 ("io_uring: remove poll entry from list when canceling all") removed a potential overflow condition for the poll references. They are currently limited to 20-bits, even if we have 31-bits available. The upper bit is used to mark for cancelation. Bump the poll ref space to 31-bits, making that kind of situation much harder to trigger in general. We'll separately add overflow checking and handling. Fixes: aa43477b0402 ("io_uring: poll rework") Signed-off-by: Jens Axboe [pavel: backport] Signed-off-by: Pavel Begunkov Signed-off-by: Greg Kroah-Hartman --- fs/io_uring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -5314,7 +5314,7 @@ struct io_poll_table { }; #define IO_POLL_CANCEL_FLAG BIT(31) -#define IO_POLL_REF_MASK ((1u << 20)-1) +#define IO_POLL_REF_MASK GENMASK(30, 0) /* * If refs part of ->poll_refs (see IO_POLL_REF_MASK) is 0, it's free. We can