Attention is currently required from: jolly. laforge has uploaded a new patch set (#7) to the change originally created by jolly. ( https://gerrit.osmocom.org/c/libosmocore/+/35981?usp=email )
The following approvals got outdated and were removed: Verified+1 by Jenkins Builder The change is no longer submittable: Verified is unsatisfied now. Change subject: osmo_io_uring: Cancel pending request, free msghdr on completion ...................................................................... osmo_io_uring: Cancel pending request, free msghdr on completion There is always a completion after cancelling a uring request. Because uring requests use msghdr pointer as user data, we cannot just free the msghdr after cancelling. Upon completion (received after cancelling), the user data still points to the msghdr. To prevent a use-after-free bug, msghdr is not freed, but detached from iofd instance. Then upon completion, the msghdr (if it was detached from iofd) is freed. Additionally it is not required to keep IOFD_FLAG_IN_CALLBACK set anymore, if there is a msghdr attached to iofd. As described above, all msghdr get detached, if iofd is freed (uring request get cancelled) during callback. Related: OS#5751 Change-Id: Ic253f085dd6362db85f029f46350951472210a02 --- M src/core/osmo_io_uring.c 1 file changed, 43 insertions(+), 4 deletions(-) git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/81/35981/7 -- To view, visit https://gerrit.osmocom.org/c/libosmocore/+/35981?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-Change-Id: Ic253f085dd6362db85f029f46350951472210a02 Gerrit-Change-Number: 35981 Gerrit-PatchSet: 7 Gerrit-Owner: jolly <andr...@eversberg.eu> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: daniel <dwillm...@sysmocom.de> Gerrit-Reviewer: laforge <lafo...@osmocom.org> Gerrit-Attention: jolly <andr...@eversberg.eu> Gerrit-MessageType: newpatchset
