Re: [PATCH 1/2] aio: fix aio request leak when events are reaped by userspace

From: Jeff Moyer
Date: Tue Jun 24 2014 - 14:20:20 EST

Next message: Jiri Olsa: "Re: [PATCH 2/4] perf timechart: implement IO mode"
Previous message: Andy Lutomirski: "Re: [tip:x86/urgent] x86/vdso: Discard the __bug_table section"
In reply to: Benjamin LaHaise: "[PATCH 1/2] aio: fix aio request leak when events are reaped by userspace"
Next in thread: Benjamin LaHaise: "[PATCH 2/2] aio: fix kernel memory disclosure in io_getevents() introduced in v3.10"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Benjamin LaHaise <bcrl@xxxxxxxxx> writes:

> The aio cleanups and optimizations by kmo that were merged into the 3.10
> tree added a regression for userspace event reaping. Specifically, the
> reference counts are not decremented if the event is reaped in userspace,
> leading to the application being unable to submit further aio requests.
> This patch applies to 3.12+. A separate backport is required for 3.10/3.11.
> This issue was uncovered as part of CVE-2014-0206.
>
> Signed-off-by: Benjamin LaHaise <bcrl@xxxxxxxxx>

Reviewed-by: Jeff Moyer <jmoyer@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jiri Olsa: "Re: [PATCH 2/4] perf timechart: implement IO mode"
Previous message: Andy Lutomirski: "Re: [tip:x86/urgent] x86/vdso: Discard the __bug_table section"
In reply to: Benjamin LaHaise: "[PATCH 1/2] aio: fix aio request leak when events are reaped by userspace"
Next in thread: Benjamin LaHaise: "[PATCH 2/2] aio: fix kernel memory disclosure in io_getevents() introduced in v3.10"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]