Message ID | 20240122182411.15417-1-bethany.jamison@canonical.com |
---|---|
Series | CVE-2023-46862 |

The backport note for the jammy patch should probably read:

(backported from commit ...)

The "manually" notation is not part of the typical format and seems to already be indicated by your note underneath it.

Acked-by: Jacob Martin <jacob.martin@canonical.com>

On Mon, Jan 22, 2024 at 01:24:08PM -0500, Bethany Jamison wrote:
> [Impact]
>
> An issue was discovered in the Linux kernel through 6.5.9. During a
> race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo
> NULL pointer dereference can occur.
>
> [Fix]
>
> Lunar: Clean cherry-pick.
> Jammy: Manual backport of original fix commit. The structure of
> io_uring in Jammy is different from upstream, so I found where the
> chunk of code had been moved to in Jammy and directly applied the
> changes.
>
> [Test Case]
>
> Compile and boot test.
>
> [Regression Potential]
>
> Issues could occur during SQ thread exit races.
>
> Jens Axboe (2):
>   io_uring/fdinfo: get rid of ref tryget
>   io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
>
>  io_uring/fdinfo.c | 36 ++++++++++++++++++------------------
>  1 file changed, 18 insertions(+), 18 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

On 22.01.24 19:24, Bethany Jamison wrote:
> [Impact]
>
> An issue was discovered in the Linux kernel through 6.5.9. During a
> race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo
> NULL pointer dereference can occur.
>
> [Fix]
>
> Lunar: Clean cherry-pick.
> Jammy: Manual backport of original fix commit. The structure of
> io_uring in Jammy is different from upstream, so I found where the
> chunk of code had been moved to in Jammy and directly applied the
> changes.
>
> [Test Case]
>
> Compile and boot test.
>
> [Regression Potential]
>
> Issues could occur during SQ thread exit races.
>
> Jens Axboe (2):
>   io_uring/fdinfo: get rid of ref tryget
>   io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
>
>  io_uring/fdinfo.c | 36 ++++++++++++++++++------------------
>  1 file changed, 18 insertions(+), 18 deletions(-)
>

Lunar goes EOL by Jan-25. There is no planned future update on it. For Jammy with emphasis on that "manually backported" must be amended when applying.

Acked-by: Stefan Bader <stefan.bader@canonical.com>

On Tue, Jan 23, 2024 at 09:51:14AM +0100, Stefan Bader wrote:
> On 22.01.24 19:24, Bethany Jamison wrote:
> > [Impact]
> >
> > An issue was discovered in the Linux kernel through 6.5.9. During a
> > race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo
> > NULL pointer dereference can occur.
> >
> > [Fix]
> >
> > Lunar: Clean cherry-pick.
> > Jammy: Manual backport of original fix commit. The structure of
> > io_uring in Jammy is different from upstream, so I found where the
> > chunk of code had been moved to in Jammy and directly applied the
> > changes.
> >
> > [Test Case]
> >
> > Compile and boot test.
> >
> > [Regression Potential]
> >
> > Issues could occur during SQ thread exit races.
> >
> > Jens Axboe (2):
> >   io_uring/fdinfo: get rid of ref tryget
> >   io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
> >
> >  io_uring/fdinfo.c | 36 ++++++++++++++++++------------------
> >  1 file changed, 18 insertions(+), 18 deletions(-)
> >
> Lunar goes EOL by Jan-25. There is no planned future update on it. For Jammy
> with emphasis on that "manually backported" must be amended when applying.
>
> Acked-by: Stefan Bader <stefan.bader@canonical.com>
>

I usually advise that CVE fixes are backported to major versions until they are completely dead. And by that, I mean all kernels of that major version have been superseded in -updates and -security.

We have relied on promises of kernels being dead in the past, and that didn't work out well.

Cascardo.

On 22.01.24 19:24, Bethany Jamison wrote:
> [Impact]
>
> An issue was discovered in the Linux kernel through 6.5.9. During a
> race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo
> NULL pointer dereference can occur.
>
> [Fix]
>
> Lunar: Clean cherry-pick.
> Jammy: Manual backport of original fix commit. The structure of
> io_uring in Jammy is different from upstream, so I found where the
> chunk of code had been moved to in Jammy and directly applied the
> changes.
>
> [Test Case]
>
> Compile and boot test.
>
> [Regression Potential]
>
> Issues could occur during SQ thread exit races.
>
> Jens Axboe (2):
>   io_uring/fdinfo: get rid of ref tryget
>   io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
>
>  io_uring/fdinfo.c | 36 ++++++++++++++++++------------------
>  1 file changed, 18 insertions(+), 18 deletions(-)
>

Applied to jammy:linux/master-next and also to Lunar but do not expect a release. Thanks.

-Stefan