X-Patchwork-Submitter: Bethany Jamison
X-Patchwork-Id: 1889321
From: Bethany Jamison
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Lunar 0/2, Jammy 0/1] CVE-2023-46862
Date: Mon, 22 Jan 2024 13:24:08 -0500
Message-Id: <20240122182411.15417-1-bethany.jamison@canonical.com>

[Impact]
An issue was discovered in the Linux kernel through 6.5.9. During a race
with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer
dereference can occur.

[Fix]
Lunar: Clean cherry-pick.
Jammy: Manual backport of original fix commit. The structure of io_uring in
Jammy is different from upstream, so I found where the chunk of code had been
moved to in Jammy and directly applied the changes.

[Test Case]
Compile and boot test.

[Regression Potential]
Issues could occur during SQ thread exit races.

Jens Axboe (2):
  io_uring/fdinfo: get rid of ref tryget
  io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid

 io_uring/fdinfo.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

Acked-by: Jacob Martin
Acked-by: Stefan Bader
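
The race class described under [Impact] and the locking named in the second patch title, shown as an added userspace model; this is not code from the patches or from the kernel. All struct and function names, the pthread mutex, and the -1 "no thread" value are assumptions made for this sketch.

```c
/* Userspace model of the pattern; all names are hypothetical, not kernel code. */
#include <pthread.h>
#include <stddef.h>

struct task { int pid; int cpu; };   /* stand-in for the SQ thread's task */

struct sq_data {
    pthread_mutex_t lock;            /* taken by both the reader and the exit path */
    struct task *thread;             /* set to NULL when the SQ thread exits */
};

struct sq_info { int pid; int cpu; };

/* Racy reader: the NULL check and the dereferences are separate unlocked
 * loads, so an exit between them leaves the reader dereferencing NULL. */
struct sq_info sq_info_racy(struct sq_data *sq)
{
    struct sq_info out = { -1, -1 };
    if (sq->thread) {                /* check ... */
        out.pid = sq->thread->pid;   /* ... use: pointer may be NULL by now */
        out.cpu = sq->thread->cpu;
    }
    return out;
}

/* Locked reader: check and use happen under the lock the exit path takes,
 * so the pointer cannot change between them. */
struct sq_info sq_info_locked(struct sq_data *sq)
{
    struct sq_info out = { -1, -1 }; /* -1 when no thread (this model's choice) */
    pthread_mutex_lock(&sq->lock);
    if (sq->thread) {
        out.pid = sq->thread->pid;
        out.cpu = sq->thread->cpu;
    }
    pthread_mutex_unlock(&sq->lock);
    return out;
}

/* Exit path: clears the pointer only while holding the same lock. */
void sq_thread_exit(struct sq_data *sq)
{
    pthread_mutex_lock(&sq->lock);
    sq->thread = NULL;
    pthread_mutex_unlock(&sq->lock);
}
```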