[SRU OEM-6.0 0/4] CVE-2023-2430
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Wed Jun 14 21:56:03 UTC 2023
[Impact]
A race condition when sending a MSG_RING operation to an IOPOLL io_uring
may lead to incorrect behavior.

[Test case]
A test case was prepared where incorrect behavior was observed, indicating
a race condition. On 6.0, EAGAIN was observed indicating lock contention,
but successful results were also observed.

[Backport]
Except for the last one, all clean cherry-picks.

[Potential regression]
io_uring users relying on MSG_RING or IOPOLL would be affected.

Jens Axboe (2):
  io_uring/msg_ring: move double lock/unlock helpers higher up
  io_uring/msg_ring: fix missing lock on overflow for IOPOLL

Pavel Begunkov (2):
  io_uring: get rid of double locking
  io_uring: extract a io_msg_install_complete helper

 io_uring/msg_ring.c | 135 +++++++++++++++++++++++++++-----------------
 io_uring/msg_ring.h |   1 +
 io_uring/opdef.c    |   1 +
 3 files changed, 84 insertions(+), 53 deletions(-)
--
2.34.1