APPLIED Re: [SRU Kinetic,OEM-6.1 0/4] CVE-2023-2430

[Timo Aaltonen]

Thadeu Lima de Souza Cascardo kirjoitti 14.6.2023 klo 13.42:
> [Impact]
> A race condition when sending a MSG_RING operation to an IOPOLL io_uring
> may lead to incorrect behavior.
> 
> [Test case]
> A test case was prepared where incorrect behavior was observed, indicating
> a race condition.
> 
> [Backport]
> For 6.1, some conflicts because of previous out-of-order backports were dealt with.
> 
> For 5.19, lots of file movements and different changes required that the
> backport was written anew. It introduces the double_locking (which is not
> double anymore), just for the sake of locking the other ctx uring_lock when
> sending MSG_RING data.
> 
> For 6.0, there were more clean cherry-picks compared to 6.1. However, the
> testing shows some other strange behavior and is being currently investigated.
> 
> [Potential regression]
> io_uring users relying on MSG_RING or IOPOLL would be affected.
> 
> Jens Axboe (2):
>    io_uring/msg_ring: move double lock/unlock helpers higher up
>    io_uring/msg_ring: fix missing lock on overflow for IOPOLL
> 
> Pavel Begunkov (2):
>    io_uring: get rid of double locking
>    io_uring: extract a io_msg_install_complete helper
> 
>   io_uring/msg_ring.c | 143 ++++++++++++++++++++++++++------------------
>   io_uring/msg_ring.h |   1 +
>   io_uring/opdef.c    |   1 +
>   3 files changed, 88 insertions(+), 57 deletions(-)
> 

applied to oem-6.1, thanks

-- 
t