On 8/13/20 12:56 AM, Liu Yong wrote:
> the commit <a4d61e66ee4a> ("<io_uring: prevent re-read of sqe->opcode>")
> caused another vulnerability. After io_get_req(), the sqe_submit struct
> in req is not initialized, but the following code defaults that
> req->submit.opcode is available.

Thanks, I'll add this for 5.4-stable, it doesn't affect any kernels newer than that.

--
Jens Axboe

