On Thu, Sep 01, 2022 at 04:25:46PM +0100, Pavel Begunkov wrote:
> On 9/1/22 16:16, Pavel Begunkov wrote:
> > Older kernels lack io_uring POLLFREE handling. As only affected files
> > are signalfd and android binder the safest option would be to disable
> > polling those files via io_uring and hope there are no users.
>
> It differs from how it's fixed upstream, but IMHO porting is too
> difficult to be reliable enough, this one is quick and simple.
> The upstream fix:
>
> commit 791f3465c4afde02d7f16cf7424ca87070b69396
> Author: Pavel Begunkov <asml.silence@xxxxxxxxx>
> Date: Fri Jan 14 11:59:10 2022 +0000
>
> io_uring: fix UAF due to missing POLLFREE handling
>
>
> I also forgot Fixes tag if required:
>
> Fixes: 221c5eb233823 ("io_uring: add support for IORING_OP_POLL")
I'll go add it by hand, all now queued up, thanks!
greg k-h
