ACK: [SRU Kinetic,OEM-6.1 0/4] CVE-2023-2430

Cengiz Can cengiz.can at canonical.com
Wed Jun 14 13:41:05 UTC 2023


On Wed, 2023-06-14 at 07:42 -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> A race condition when sending a MSG_RING operation to an IOPOLL io_uring
> may lead to incorrect behavior.
> 
> [Test case]
> A test case was prepared where incorrect behavior was observed, indicating
> a race condition.
> 
> [Backport]
> For 6.1, some conflicts because of previous out-of-order backports
> were dealt with.
> 
> For 5.19, lots of file movements and different changes required that the
> backport was written anew. It introduces the double_locking (which is not
> double anymore), just for the sake of locking the other ctx uring_lock when
> sending MSG_RING data.
> 
> For 6.0, there were more clean cherry-picks compared to 6.1. However, the
> testing shows some other strange behavior and is being currently
> investigated.
> 
> [Potential regression]
> io_uring users relying on MSG_RING or IOPOLL would be affected.
> 
> Jens Axboe (2):
>   io_uring/msg_ring: move double lock/unlock helpers higher up
>   io_uring/msg_ring: fix missing lock on overflow for IOPOLL
> 
> Pavel Begunkov (2):
>   io_uring: get rid of double locking
>   io_uring: extract a io_msg_install_complete helper

Seems like a huge amount of work.

Acked-by: Cengiz Can <cengiz.can at canonical.com>

> 
>  io_uring/msg_ring.c | 143 ++++++++++++++++++++++++++------------------
>  io_uring/msg_ring.h |   1 +
>  io_uring/opdef.c    |   1 +
>  3 files changed, 88 insertions(+), 57 deletions(-)
> 
> -- 
> 2.34.1
> 
> 



