APPLIED [OEM-6.1] Re: [SRU Kinetic,OEM-6.1 0/4] CVE-2023-2430
Timo Aaltonen
tjaalton at ubuntu.com
Tue Jun 20 12:33:35 UTC 2023
Timo Aaltonen wrote on 20.6.2023 at 15.31:
> Thadeu Lima de Souza Cascardo wrote on 14.6.2023 at 13.42:
>> [Impact]
>> A race condition when sending a MSG_RING operation to an IOPOLL io_uring
>> may lead to incorrect behavior.
>>
>> [Test case]
>> A test case was prepared where incorrect behavior was observed, indicating
>> a race condition.
>>
>> [Backport]
>> For 6.1, some conflicts because of previous out-of-order backports
>> were dealt with.
>>
>> For 5.19, lots of file movements and different changes required that the
>> backport was written anew. It introduces the double_locking (which is not
>> double anymore), just for the sake of locking the other ctx uring_lock when
>> sending MSG_RING data.
>>
>> For 6.0, there were more clean cherry-picks compared to 6.1. However, the
>> testing shows some other strange behavior and is being currently
>> investigated.
>>
>> [Potential regression]
>> io_uring users relying on MSG_RING or IOPOLL would be affected.
>>
>> Jens Axboe (2):
>> io_uring/msg_ring: move double lock/unlock helpers higher up
>> io_uring/msg_ring: fix missing lock on overflow for IOPOLL
>>
>> Pavel Begunkov (2):
>> io_uring: get rid of double locking
>> io_uring: extract a io_msg_install_complete helper
>>
>> io_uring/msg_ring.c | 143 ++++++++++++++++++++++++++------------------
>> io_uring/msg_ring.h | 1 +
>> io_uring/opdef.c | 1 +
>> 3 files changed, 88 insertions(+), 57 deletions(-)
>>
>
> applied to oem-6.1, thanks
and let's be explicit about that in the Subject.
--
t