Re: linux-stable-5.10-y CVE-2022-1508 of io_uring module

From: Pavel Begunkov
Date: Fri May 06 2022 - 11:57:43 EST


On 5/6/22 03:16, Jens Axboe wrote:
> On 5/5/22 8:11 AM, Guo Xuenan wrote:
>> Hi, Pavel & Jens
>>
>> CVE-2022-1508[1] contains a patch[2] of io_uring. As Jones reported,
>> it is not enough to only apply [2] to stable-5.10.
>> io_uring is a very valuable and active module of the Linux kernel.
>> I've tried to apply these two patches[3] [4] to my local 5.10 code, but I
>> found my understanding of io_uring is not enough to resolve all conflicts.
>>
>> Since 5.10 is an important stable branch of Linux, we would appreciate
>> your help in solving this problem.
>
> Yes, this really needs to get buttoned up for 5.10. I seem to recall
> there was a reproducer for this that was somewhat saner than the
> syzbot one (which doesn't do anything for me). Pavel, do you have one?

No, it was the only repro and was triggering the problem
just fine back then

--
Pavel Begunkov