[SRU][F/J/OEM-5.17][PATCH 0/1] CVE-2022-28893
Cengiz Can
cengiz.can at canonical.com
Mon Jul 4 18:23:05 UTC 2022
On 22-07-01 06:23:03, Thadeu Lima de Souza Cascardo wrote:
> On Fri, Jul 01, 2022 at 05:16:18AM +0300, Cengiz Can wrote:
> > [Impact]
> > The SUNRPC subsystem in the Linux kernel through 5.17.2 can call
> > xs_xprt_free before ensuring that sockets are in the intended state.
> >
> > Issue was introduced with 5.1 and fixed with 5.18.
> >
> > [Fix]
> > Fixing commit exports `__fput_sync` symbol for non-GPL and GPL users
> > with `EXPORT_SYMBOL(..)`. However we already have exported the same
> > symbol with `EXPORT_SYMBOL_GPL(..)` with a SAUCE patch. After
> > discussion, we decided to keep that export as GPL-only and ignore the
> > wider exports of fixing commit.
> >
> > [Test]
> > Compile and boot tested on focal, jammy and kinetic (oem-5.17).
> >
> > [Potential Regression]
> > It's hard to guess since the exact flow is not shared by author. However
> > unlikely to cause major issues since sunrpc is only used by NFS, KNFSD
> > and some other small parts.
> >
> > Meena Shanmugam (1):
> > SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
> >
> > net/sunrpc/xprt.c | 5 +----
> > net/sunrpc/xprtsock.c | 16 +++++++++++++---
> > 2 files changed, 14 insertions(+), 7 deletions(-)
> >
> > --
> > 2.34.1
> >
>
> What about commit aad41a7d7cf6c6fa804c872a2480f8e541da37cf ("SUNRPC: Don't leak
> sockets in xs_local_connect()")?
>
> It has
> Fixes: f00432063db1 ("SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()")
Thanks for noticing that. I incorrectly assumed that if there was a fix
to fix, it would be shared in OSS but lesson learnt.
v2 coming up.
>
> Cascardo.