Google Git
Sign in
cos / third_party / kernel / 19690e290ae314764ca51e951d5c61edda2cb757
commit19690e290ae314764ca51e951d5c61edda2cb757[log] [tgz]
authorJens Axboe <axboe@kernel.dk>Fri Apr 08 11:08:58 2022 -0600
committerRobert Kolchmeyer <rkolchmeyer@google.com>Fri Apr 22 23:45:40 2022 +0000
treebdc49d75b0665b11a8b215241d54f72e874d160f
parentebb3e77feb90f7bf903d21cb6cf8bdd49a24b395 [diff]
io_uring: fix race between timeout flush and removal

commit e677edbcabee849bfdd43f1602bccbecf736a646 upstream.

io_flush_timeouts() assumes the timeout isn't in progress of triggering
or being removed/canceled, so it unconditionally removes it from the
timeout list and attempts to cancel it.

Leave it on the list and let the normal timeout cancelation take care
of it.

Cc: stable@vger.kernel.org # 5.5+
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 2827328e646d0c2d3db1bfcad4b5f5016ce0d643)
Signed-off-by: Robert Kolchmeyer <rkolchmeyer@google.com>

BUG=b/230111641
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2022-29580 in the Linux kernel.

cos-patch: security-high
Change-Id: I3a67ac34e0e5a03d6efb0f1d51f87bb93fca885b
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/32084
Reviewed-by: Roy Yang <royyang@google.com>
Reviewed-by: Oleksandr Tymoshenko <ovt@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
1 file changed
tree: bdc49d75b0665b11a8b215241d54f72e874d160f
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. PRESUBMIT.cfg
  36. README