io_uring: don't touch ctx in setup after ring fd install - kernel/linux.git

diff options

author	Jens Axboe <axboe@kernel.dk>	2019-10-28 18:15:33 +0300
committer	Jens Axboe <axboe@kernel.dk>	2019-10-28 18:15:33 +0300
commit	044c1ab399afbe9f2ebef49a3204ef1509826dc7 (patch)
tree	25b1ccdca5d8d48a99f2370144f797f56754866a /tools/perf/util/scripting-engines/trace-event-python.c
parent	7b20238d28da46f394d37d4d51cc420e1ff9414a (diff)
download	linux-044c1ab399afbe9f2ebef49a3204ef1509826dc7.tar.xz

io_uring: don't touch ctx in setup after ring fd install

syzkaller reported an issue where it looks like a malicious app can trigger a use-after-free of reading the ctx ->sq_array and ->rings value right after having installed the ring fd in the process file table. Defer ring fd installation until after we're done reading those values. Fixes: 75b28affdd6a ("io_uring: allocate the two rings together") Reported-by: syzbot+6f03d895a6cd0d06187f@syzkaller.appspotmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk>

Diffstat (limited to 'tools/perf/util/scripting-engines/trace-event-python.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: