CVE-2024-39508

Severity CVSS v4.0:
Pending analysis
Type:
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
12/07/2024
Last modified:
03/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring/io-wq: Use set_bit() and test_bit() at worker->flags

Utilize set_bit() and test_bit() on worker->flags within io_uring/io-wq
to address potential data races.

The structure io_worker->flags may be accessed through various data
paths, leading to concurrency issues. When KCSAN is enabled, it reveals
data races occurring in io_worker_handle_work and
io_wq_activate_free_worker functions.

BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker
write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:
io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)
io_wq_worker (io_uring/io-wq.c:?)

read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:
io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)
io_wq_enqueue (io_uring/io-wq.c:947)
io_queue_iowq (io_uring/io_uring.c:524)
io_req_task_submit (io_uring/io_uring.c:1511)
io_handle_tw_list (io_uring/io_uring.c:1198)

Line numbers against commit 18daea77cca6 ("Merge tag 'for-linus' of
git://git.kernel.org/pub/scm/virt/kvm/kvm").

These races involve writes and reads to the same memory location by
different tasks running on different CPUs. To mitigate this, refactor
the code to use atomic operations such as set_bit(), test_bit(), and
clear_bit() instead of basic "and" and "or" operations. This ensures
thread-safe manipulation of worker flags.

Also, move `create_index` to avoid holes in the structure.
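The following user-space model is an added example, not kernel code and not part of the patch: it enumerates every interleaving of two CPUs updating one shared flags word, once with plain "or"/"and" (a separate load and store) and once with an indivisible update of the kind set_bit()/clear_bit() provide. It goes beyond the read/write pair in the KCSAN report to the write/write case. The names F_RUNNING, F_FREE, struct cpu, step, explore and lost_updates are hypothetical.

```c
#include <stdio.h>
/* Hypothetical flag masks for this model (not the kernel's definitions). */
#define F_RUNNING (1u << 1)
#define F_FREE    (1u << 2)
/* One CPU's pending update: new = (old & and_mask) | or_mask. */
struct cpu { unsigned and_mask, or_mask, reg; int pc; };

/* Run the next step of c against the shared word *w.
 * atomic: the whole read-modify-write is one indivisible step.
 * plain:  step 0 loads into a register, step 1 stores the modified copy. */
static void step(struct cpu *c, unsigned *w, int atomic)
{
    if (atomic) { *w = (*w & c->and_mask) | c->or_mask; c->pc = 2; return; }
    if (c->pc == 0) c->reg = *w;
    else *w = (c->reg & c->and_mask) | c->or_mask;
    c->pc++;
}

/* Walk every interleaving of the two CPUs and count the schedules whose
 * final word differs from the intended result (an update was lost). */
static int explore(struct cpu a, struct cpu b, unsigned w, unsigned want, int atomic)
{
    int bad = 0;
    if (a.pc == 2 && b.pc == 2) return w != want;
    if (a.pc < 2) {
        struct cpu n = a; unsigned v = w;
        step(&n, &v, atomic); bad += explore(n, b, v, want, atomic);
    }
    if (b.pc < 2) {
        struct cpu n = b; unsigned v = w;
        step(&n, &v, atomic); bad += explore(a, n, v, want, atomic);
    }
    return bad;
}

/* CPU A sets F_RUNNING while CPU B clears F_FREE; the word starts as F_FREE. */
int lost_updates(int atomic)
{
    struct cpu a = { ~0u, F_RUNNING, 0, 0 };
    struct cpu b = { ~F_FREE, 0, 0, 0 };
    return explore(a, b, F_FREE, F_RUNNING, atomic);
}

int main(void)
{
    printf("plain |= and &= : %d of 6 schedules lose an update\n", lost_updates(0));
    printf("atomic bit ops  : %d of 2 schedules lose an update\n", lost_updates(1));
    return 0;
}
```

In the plain model 4 of the 6 possible schedules end with a wrong flags word; with indivisible updates none do.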

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.1 (including) 6.6.35 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.9.6 (excluding)