[SRU][F/J/OEM-5.17][PATCH v2 0/2] CVE-2022-28893
Cengiz Can
cengiz.can at canonical.com
Tue Jul 5 04:55:44 UTC 2022
[Impact]
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call
xs_xprt_free before ensuring that sockets are in the intended state.
The issue was introduced with 5.1 and fixed with 5.18.

[Fix]
The fixing commit exports the `__fput_sync` symbol for non-GPL and GPL
users with `EXPORT_SYMBOL(..)`. However, we have already exported the same
symbol with `EXPORT_SYMBOL_GPL(..)` with a SAUCE patch. After
discussion, we decided to keep that export as GPL-only and ignore the
wider exports of the fixing commit.
The second patch supposedly fixes a new issue which was introduced with
the fix.

[Test]
Compile and boot tested on focal, jammy and jammy with oem-5.17.

[Potential Regression]
It's hard to guess since the exact flow is not shared by the author.
However, it is unlikely to cause major issues since sunrpc is only used by
NFS, KNFSD et al.
Trond Myklebust (2):
  SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
  SUNRPC: Don't leak sockets in xs_local_connect()

 net/sunrpc/xprt.c     |  5 +----
 net/sunrpc/xprtsock.c | 27 +++++++++++++++++++++++----
 2 files changed, 24 insertions(+), 8 deletions(-)
--
2.34.1