CVE-2024-50079 is a fix in the Linux kernel's io_uring SQPOLL code. The bug is a task-state error: a kernel thread ran task_work, which may block, while it was not in the TASK_RUNNING state. This post describes the problem, shows the relevant part of the fix, and links to the original references.

Vulnerability Details

The bug is hit when the SQPOLL thread is exiting and cancels its pending work. Teardown goes through io_uring_cancel_generic(), whose wait loop calls prepare_to_wait() on the io_uring_task waitqueue, which puts the thread into TASK_INTERRUPTIBLE, and then calls io_run_task_work() to drain task_work before deciding whether to schedule(). The sqpoll thread is an io thread (PF_IO_WORKER), so io_run_task_work() runs the per-task-context (tctx) task_work for it, and one of those work items may need the ring mutex. mutex_lock() can sleep, and sleeping while the task is not TASK_RUNNING is not allowed: it confuses the enclosing wait loop, and with CONFIG_DEBUG_ATOMIC_SLEEP the scheduler reports it from __might_sleep() as "do not call blocking ops when !TASK_RUNNING; state=1 set at prepare_to_wait" (state 1 is TASK_INTERRUPTIBLE). That warning is the splat quoted in the upstream commit message.

The fix sets the task state back to TASK_RUNNING before that task_work is run, just as the other branches of io_run_task_work() already did before calling into work that may block.

The following is a simplified excerpt of the fixed code. The change lands in io_run_task_work() in io_uring/io_uring.h, the helper that io_uring_cancel_generic() calls after prepare_to_wait(); this is an excerpt, not the full upstream diff:

static inline int io_run_task_work(void)
{
    ...
    /* The sqpoll thread is an io thread (PF_IO_WORKER), so it takes this
     * branch from io_uring_cancel_generic(), already in TASK_INTERRUPTIBLE. */
    if (current->flags & PF_IO_WORKER) {
        ...
        if (current->io_uring) {
            unsigned int count = 0;

            /* Fix: tctx task_work may take the ring mutex and sleep, so
             * return to TASK_RUNNING first, as the other branches already do. */
            __set_current_state(TASK_RUNNING);
            tctx_task_work_run(current->io_uring, UINT_MAX, &count);
            ...
        }
    }
    ...
}
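
To make the invariant concrete, here is an added, hypothetical user-space model of the wait loop and the blocking primitive; it is illustrative code written for this post, not kernel or io_uring code, and the function and field names only mirror the kernel's for readability. It counts how often a blocking operation is entered while the task is not TASK_RUNNING, once with task_work drained the old way and once with the state set to TASK_RUNNING first.

```c
#include <stdio.h>

/*
 * Hypothetical user-space model of the kernel rule behind this fix:
 * a blocking primitive must only be entered while the task is TASK_RUNNING.
 * Not kernel code; names mirror the kernel's for readability only.
 */
enum task_state { TASK_RUNNING = 0, TASK_INTERRUPTIBLE = 1 };

struct task {
    enum task_state state;
    int task_work_pending;    /* queued tctx task_work items */
    int might_sleep_warnings; /* blocking ops entered while !TASK_RUNNING */
};

/* Model of __might_sleep(): warn when a blocking op runs in the wrong state. */
static void might_sleep(struct task *t)
{
    if (t->state != TASK_RUNNING)
        t->might_sleep_warnings++;
}

/* Model of mutex_lock(): may block, and returns with the task RUNNING. */
static void mutex_lock(struct task *t)
{
    might_sleep(t);
    t->state = TASK_RUNNING;
}

/* A cancellation work item that needs the ring mutex to make progress. */
static void cancel_work_item(struct task *t)
{
    mutex_lock(t);
    t->task_work_pending--;
    /* ... cancel the request, mutex_unlock() ... */
}

/* Before the fix: drain task_work without touching the task state. */
static void run_task_work_buggy(struct task *t)
{
    while (t->task_work_pending > 0)
        cancel_work_item(t);
}

/* After the fix: become RUNNING before any item runs. */
static void run_task_work_fixed(struct task *t)
{
    if (t->task_work_pending > 0)
        t->state = TASK_RUNNING; /* __set_current_state(TASK_RUNNING) */
    while (t->task_work_pending > 0)
        cancel_work_item(t);
}

/*
 * Model of one pass of the io_uring_cancel_generic() wait loop:
 * prepare_to_wait() marks the task INTERRUPTIBLE, task_work is drained,
 * finish_wait() restores RUNNING. Returns how many __might_sleep warnings
 * the pass produced; zero means the invariant held.
 */
static int cancel_generic_pass(int pending_items,
                               void (*run_task_work)(struct task *))
{
    struct task t = { TASK_RUNNING, pending_items, 0 };

    t.state = TASK_INTERRUPTIBLE; /* prepare_to_wait(..., TASK_INTERRUPTIBLE) */
    run_task_work(&t);
    t.state = TASK_RUNNING;       /* finish_wait() */
    return t.might_sleep_warnings;
}

int main(void)
{
    printf("buggy: %d warning(s)\n", cancel_generic_pass(3, run_task_work_buggy));
    printf("fixed: %d warning(s)\n", cancel_generic_pass(3, run_task_work_fixed));
    return 0;
}
```

Only the first work item warns in the buggy variant, because mutex_lock() itself leaves the task RUNNING; that is why the one-line state reset before the work runs is sufficient, and why a WARN in the logs should be read as the loop having already executed with a corrupted wait state rather than as a harmless one-off.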

Original References

1. Upstream fix commit "io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work" (Jens Axboe) in the mainline Linux kernel git tree, with backports in the stable trees
2. Linux kernel source: io_uring_cancel_generic() in io_uring/io_uring.c and io_run_task_work() in io_uring/io_uring.h

Exploit Details

No public exploit is known for this issue. The defect is a blocking operation performed in the wrong task state during sqpoll teardown, so the realistic impact is a kernel warning and unreliable behaviour of the cancellation wait loop, i.e. a local denial-of-service class problem; nothing in the fix points to memory corruption or a privilege-escalation primitive. Any process that creates a ring with IORING_SETUP_SQPOLL exercises this teardown path when it exits, so the mitigation is to run a kernel that includes the fix, and, on systems that do not need io_uring at all, to disable it with the kernel.io_uring_disabled sysctl.

Conclusion

CVE-2024-50079, affecting the io_uring SQPOLL teardown path, is resolved by making sure the task is in TASK_RUNNING before task_work that may block is run. The change is small, but it restores an invariant the scheduler depends on, and the same invariant is worth checking in any kernel code that runs callbacks between prepare_to_wait() and schedule(). Keeping the kernel current with the stable releases that carry this fix is the practical action for operators.

Timeline

Published on: 10/29/2024 01:15:04 UTC
Last modified on: 10/30/2024 17:05:40 UTC