NACK/Cmnt: [SRU][Focal][PATCH 0/1] CVE-2023-2269

Stefan Bader stefan.bader at canonical.com
Wed Aug 2 09:18:54 UTC 2023 

On 28.07.23 21:40, Yuxuan Luo wrote:
> [Impact]
> A denial of service problem was found, due to a possible recursive
> locking scenario, resulting in a deadlock in table_clear in
> drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing
> sub-component.
> 
> [Backport]
> Clean cherry pick.
> 
> [Test]
> Tested against the following script to verify that the verity
> functionality is not broken and ioctl is still working as intended:
> 
> ```bash
> IMG_SIZE=50M
> VERITY_DEV=''
> HASH_DEV=''
> TARGET_DIR=/mnt/dmtest
> ROOT_HASH=''
> PARAM=''
> 
> # Prepare two loop devices
> truncate -s $IMG_SIZE verity.img hash.img
> 
> losetup -f verity.img
> VERITY_DEV=$(sudo losetup -j verity.img | awk -F: '{print $1}')
> losetup -f hash.img
> HASH_DEV=$(sudo losetup -j hash.img | awk -F: '{print $1}')
> 
> # Create the verity device
> ROOT_HASH=`veritysetup format $VERITY_DEV $HASH_DEV
>            | tail -n 1
>            | awk '{print $3}'`
> veritysetup create vroot $VERITY_DEV $HASH_DEV $ROOT_HASH
> 
> # Reload the verity device
> PARAM=$(sudo dmsetup table | awk '{ret = $2 " " $3; print ret}')
> dmsetup suspend vroot
> 
> # Expect this command to fail
> dmsetup reload vroot --table "$PARAM linear $VERITY_DEV 0"
> ```
> 
> [Potential Regression]
> Expect low regression potential.
> 
> Mike Snitzer (1):
>    dm ioctl: fix nested locking in table_clear() to remove deadlock
>      concern
> 
>   drivers/md/dm-ioctl.c | 7 ++++---
>   1 file changed, 4 insertions(+), 3 deletions(-)
> 

Rejected for the following reasons:
Patch was already applied (could reverse-apply) to Focal as a pending 
stable commit. I have just adjusted the existing commit message to 
include the CVE number.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 44613 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230802/1c18fd04/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230802/1c18fd04/attachment-0001.sig>

More information about the kernel-team mailing list