On 9/2/22 07:13, Greg KH wrote:
On Thu, Sep 01, 2022 at 04:25:46PM +0100, Pavel Begunkov wrote:
On 9/1/22 16:16, Pavel Begunkov wrote:
Older kernels lack io_uring POLLFREE handling. As the only affected files
are signalfd and android binder, the safest option would be to disable
polling those files via io_uring and hope there are no users.
It differs from how it's fixed upstream, but IMHO porting is too
difficult to be reliable enough; this one is quick and simple.
The upstream fix:

commit 791f3465c4afde02d7f16cf7424ca87070b69396
Author: Pavel Begunkov <asml.silence@xxxxxxxxx>
Date: Fri Jan 14 11:59:10 2022 +0000

    io_uring: fix UAF due to missing POLLFREE handling

I also forgot the Fixes tag, if required:
Fixes: 221c5eb233823 ("io_uring: add support for IORING_OP_POLL")
I'll go add it by hand, all now queued up, thanks!
Perfect, thanks Greg
--
Pavel Begunkov