diff options
| author | Pavel Begunkov <asml.silence@gmail.com> | 2025-09-19 12:11:56 +0100 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2025-09-19 07:06:43 -0600 |
| commit | 2408d1783204920880f929a7a3087c76f5a59c13 (patch) | |
| tree | ae6520d8aada448fa1bf35b29e0802479eaa5568 | |
| parent | 31bf77dcc3810e08bcc7d15470e92cdfffb7f7f1 (diff) | |
io_uring/query: prevent infinite loops
If the query chain forms a cycle, the interface will loop indefinitely.
Make sure it handles fatal signals, so the user can kill the process and
hence break out of the infinite loop.
Fixes: c265ae75f900 ("io_uring: introduce io_uring querying")
Reported-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
| -rw-r--r-- | io_uring/query.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/io_uring/query.c b/io_uring/query.c index 9eed0f371956..c2183daf5a46 100644 --- a/io_uring/query.c +++ b/io_uring/query.c @@ -88,6 +88,10 @@ int io_query(struct io_ring_ctx *ctx, void __user *arg, unsigned nr_args) if (ret) return ret; uhdr = u64_to_user_ptr(next_hdr); + + if (fatal_signal_pending(current)) + return -EINTR; + cond_resched(); } return 0; } |