ACK: [SRU][F/J/OEM-5.17][PATCH v2 0/2] CVE-2022-28893
Tim Gardner
tim.gardner at canonical.com
Tue Jul 5 14:26:21 UTC 2022
On 7/4/22 22:55, Cengiz Can wrote:
> [Impact]
> The SUNRPC subsystem in the Linux kernel through 5.17.2 can call
> xs_xprt_free before ensuring that sockets are in the intended state.
>
> Issue was introduced with 5.1 and fixed with 5.18.
>
> [Fix]
> Fixing commit exports `__fput_sync` symbol for non-GPL and GPL users
> with `EXPORT_SYMBOL(..)`. However we already have exported the same
> symbol with `EXPORT_SYMBOL_GPL(..)` with a SAUCE patch. After
> discussion, we decided to keep that export as GPL-only and ignore the
> wider exports of fixing commit.
>
> Second patch supposedly fixes a new issue which was introduced with
> the fix.
>
> [Test]
> Compile and boot tested on focal, jammy and jammy with oem-5.17.
>
> [Potential Regression]
> It's hard to guess since the exact flow is not shared by the author. However,
> it is unlikely to cause major issues since sunrpc is only used by NFS, KNFSD
> et al.
>
> Trond Myklebust (2):
>   SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
>   SUNRPC: Don't leak sockets in xs_local_connect()
>
>  net/sunrpc/xprt.c     |  5 +----
>  net/sunrpc/xprtsock.c | 27 +++++++++++++++++++++++----
>  2 files changed, 24 insertions(+), 8 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc