Re: [PATCH] fs/io_uring.c: Fix uninitialized variable is referenced in io_submit_sqe

From: Jens Axboe
Date: Thu Aug 13 2020 - 10:56:37 EST


On 8/13/20 12:56 AM, Liu Yong wrote:
> The commit <a4d61e66ee4a> ("<io_uring: prevent re-read of sqe->opcode>")
> caused another vulnerability. After io_get_req(), the sqe_submit struct
> in req is not initialized, but the following code defaults that
> req->submit.opcode is available.

Thanks, I'll add this for 5.4-stable, it doesn't affect any kernels newer
than that.

--
Jens Axboe