APPLIED[L/K/J/F]: [SRU][L/K/J/F/OEM-5.17/OEM-6.0/OEM-6.1][PATCH 0/1] shiftfs: fix locking in shiftfs_create_object()
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Thu May 11 16:19:35 UTC 2023
Applied to lunar, kinetic, jammy, focal linux master-next
Thanks,
- Luke
On Wed, May 10, 2023 at 10:44 PM Thadeu Lima de Souza Cascardo <
cascardo at canonical.com> wrote:
> [Impact]
>
> In shiftfs_create_object() we use the lower dir inode operations without
> properly locking the inode on the lower dir object.
>
> When unprivileged user namespaces are enabled, which is the default, this
> could be exploited by an unprivileged user to trigger system crashes or
> soft lockups.
>
> [Test case]
>
> A PoC triggering a soft lockup was tested.
>
> [Fix]
>
> Make sure to properly lock the lower dir inode before accessing the
> inode_operations object.
>
> [Regression potential]
>
> This patch only affects shiftfs, so we may only notice regressions with
> shiftfs (even if the fix is pretty trivial).
>
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230511/89a64703/attachment.html>
More information about the kernel-team
mailing list