ACK: [SRU][J/F][PATCH 0/2] CVE-2024-38570

Manuel Diewald manuel.diewald at canonical.com
Tue Aug 20 08:43:55 UTC 2024


On Fri, Aug 16, 2024 at 01:07:50PM -0500, Bethany Jamison wrote:
> [Impact]
> 
> gfs2: Fix potential glock use-after-free on unmount
> 
> When a DLM lockspace is released and there are still locks in that
> lockspace, DLM will unlock those locks automatically.  Commit
> fb6791d started exploiting this behavior to speed up filesystem
> unmount: gfs2 would simply free glocks it didn't want to unlock and then
> release the lockspace.  This didn't take the bast callbacks for
> asynchronous lock contention notifications into account, which remain
> active until a lock is unlocked or its lockspace is released.
> 
> To prevent those callbacks from accessing deallocated objects, put the
> glocks that should not be unlocked on the sd_dead_glocks list, release
> the lockspace, and only then free those glocks.
> 
> As an additional measure, ignore unexpected ast and bast callbacks if
> the receiving glock is dead.
> 
> [Fix]
> 
> Noble:	released
> Jammy:	Cleanly cherry-picked prereq commit, backported fix commit: 
> 	context conflicts from neighboring lines, shouldn't affect the
> 	fix changes
> Focal:	same as Jammy but with slightly different neighboring context
> 	conflicts so the Jammy patch unfortunately couldn't be applied
> Bionic:	fix sent to esm ML
> Xenial:	fix sent to esm ML
> Trusty:	won't fix
> 
> [Test Case]
> 
> Compiled
> 
> [Where problems could occur]
> 
> This fix affects those who use GFS2 (Global File System 2), an issue
> with this fix would be visible to the user via unexpected system 
> behavior or a system crash.
> 
> Andreas Gruenbacher (2):
>   gfs2: Rename sd_{ glock => kill }_wait
>   gfs2: Fix potential glock use-after-free on unmount
> 
>  fs/gfs2/glock.c      | 41 +++++++++++++++++++++++++++++++++++------
>  fs/gfs2/glock.h      |  1 +
>  fs/gfs2/incore.h     |  3 ++-
>  fs/gfs2/lock_dlm.c   | 12 +++++++++++-
>  fs/gfs2/ops_fstype.c |  3 ++-
>  fs/gfs2/super.c      |  3 ---
>  6 files changed, 51 insertions(+), 12 deletions(-)
> 
> -- 
> 2.34.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Acked-by: Manuel Diewald <manuel.diewald at canonical.com>

-- 
 Manuel
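
The teardown order described in the quoted commit message (park the glocks on a dead list, release the lockspace, free last, and ignore callbacks for dead glocks), as an added userspace C model that is not part of this thread or of the gfs2 patch. Every name in it (`unmount_model`, `deliver_basts`, the struct fields) is hypothetical, and the glocks are constructed inline.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Userspace model; every name is hypothetical, not the gfs2 or DLM API. */
struct glock {
    bool dead;          /* set when unmount decides not to unlock it */
    int basts_handled;  /* contention notifications acted upon */
    struct glock *next; /* link on the dead list */
};
struct lockspace { struct glock *locks[8]; int nlocks; };
struct result { int late_delivered, late_handled, after_release, freed; };

/* bast callback: a notification for a dead glock is ignored. */
static void bast(struct glock *gl) { if (!gl->dead) gl->basts_handled++; }

/* The lock manager notifies every lock still registered in the lockspace. */
static int deliver_basts(struct lockspace *ls)
{
    for (int i = 0; i < ls->nlocks; i++)
        bast(ls->locks[i]);
    return ls->nlocks;
}

/* Unmount n constructed glocks: park them, release the lockspace, then free. */
static struct result unmount_model(int n)
{
    struct lockspace ls = { .nlocks = 0 };
    struct result r = { 0, 0, 0, 0 };
    struct glock *dead_list = NULL, *g;
    for (int i = 0; i < n && i < 8; i++) {  /* constructed sample glocks */
        if (!(g = calloc(1, sizeof(*g))))
            break;
        ls.locks[ls.nlocks++] = g;
    }
    for (int i = 0; i < ls.nlocks; i++) {   /* 1. park, do not free */
        g = ls.locks[i];
        g->dead = true;
        g->next = dead_list;
        dead_list = g;
    }
    r.late_delivered = deliver_basts(&ls);  /* callbacks are still active */
    for (g = dead_list; g; g = g->next)
        r.late_handled += g->basts_handled; /* glocks are still allocated */
    ls.nlocks = 0;                          /* 2. release the lockspace */
    r.after_release = deliver_basts(&ls);   /* nothing left to call back */
    while ((g = dead_list)) {               /* 3. only now free the glocks */
        dead_list = g->next;
        free(g);
        r.freed++;
    }
    return r;
}
```

Moving step 3 ahead of step 2 in this model would let `deliver_basts` dereference freed memory, which is the window the fix closes.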