io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid (!3292) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Wander Lairson Costa requested to merge walac/centos-stream-9:j14998-null-ptr into main Oct 30, 2023

JIRA: https://issues.redhat.com/browse/RHEL-14998

CVE: CVE-2023-46862

commit 7644b1a1c9a7ae8ab99175989bfc8676055edb46

Date: Sat Oct 21 12:30:29 2023 -0600

    io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid

    We could race with SQ thread exit, and if we do, we'll hit a NULL pointer
    dereference when the thread is cleared. Grab the SQPOLL data lock before
    attempting to get the task cpu and pid for fdinfo, this ensures we have a
    stable view of it.

    Cc: stable@vger.kernel.org
    Link: https://bugzilla.kernel.org/show_bug.cgi?id=218032
    Reviewed-by: Gabriel Krisman Bertazi <krisman@suse.de>
    Signed-off-by: Jens Axboe <axboe@kernel.dk>

Signed-off-by: Wander Lairson Costa wander@redhat.com

7cd62d34 (Wander Lairson Costa) io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid

e478568d (Wander Lairson Costa) io_uring/fdinfo: get rid of ref tryget

io_uring/fdinfo.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-)

Edited Oct 30, 2023 by Wander Lairson Costa

io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid

Merge request reports