Google Git
Sign in
cos / third_party / kernel / f6817273147c1f0184364f3966120eba5277693f
commitf6817273147c1f0184364f3966120eba5277693f[log] [tgz]
authorJens Axboe <axboe@kernel.dk>Sat Oct 28 07:30:27 2023 -0600
committerHe Gao <hegao@google.com>Fri Nov 10 19:33:15 2023 +0000
treee5f52c1e69a3aa14d87959c7933f484c841165dc
parent53c74b7f1edfd0c8f2d0376adc4136f2302b196f [diff]
io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid

commit 7644b1a1c9a7ae8ab99175989bfc8676055edb46 upstream.

We could race with SQ thread exit, and if we do, we'll hit a NULL pointer
dereference when the thread is cleared. Grab the SQPOLL data lock before
attempting to get the task cpu and pid for fdinfo, this ensures we have a
stable view of it.

Cherry-pick to release branch to fix CVE-2023-46862

BUG=b/309761509
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2023-46862 in the Linux kernel.

Change-Id: Ia213f5c9fe293a61e41acd38f91065c1191b5858
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/61001
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Arnav Kansal <rnv@google.com>
1 file changed
tree: e5f52c1e69a3aa14d87959c7933f484c841165dc
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. google/
  9. include/
  10. init/
  11. io_uring/
  12. ipc/
  13. kernel/
  14. lib/
  15. LICENSES/
  16. mm/
  17. net/
  18. rust/
  19. samples/
  20. scripts/
  21. security/
  22. sound/
  23. tools/
  24. usr/
  25. virt/
  26. .clang-format
  27. .cocciconfig
  28. .get_maintainer.ignore
  29. .gitattributes
  30. .gitignore
  31. .mailmap
  32. .rustfmt.toml
  33. COPYING
  34. CREDITS
  35. Kbuild
  36. Kconfig
  37. MAINTAINERS
  38. Makefile
  39. PRESUBMIT.cfg
  40. README