ACK: [SRU][F/J/M][PATCH 0/2] CVE-2024-26624

Manuel Diewald manuel.diewald at canonical.com
Wed Mar 27 14:55:54 UTC 2024


On Wed, Mar 27, 2024 at 01:55:07PM +0100, Manuel Diewald wrote:
> On Tue, Mar 26, 2024 at 08:18:33PM -0400, Yuxuan Luo wrote:
> > [Impact]
> > A potential deadlock is found in the AF_UNIX subsystem, the scenario is
> > shown below:
> > 
> >       CPU0                    CPU1
> >       ----                    ----
> >  lock(&u->lock/1);
> >                               lock(rlock-AF_UNIX);
> >                               lock(&u->lock/1);
> >  lock(rlock-AF_UNIX);
> > 
> > *** DEADLOCK ***
> > Such deadlock could lead to serious denial of service and system crash.
> > 
> > [Backport]
> > The fix is a clean cherry pick.
> > 
> > However, the modified function has been copied to our own trees
> > (security/apparmor/af_unix.c), therefore, a sauce patch is needed to
> > synchronize the change.
> > 
> > [Test]
> > Compile and boot tested.
> > 
> > [Where things could go wrong]
> > The fix touches af_unix.c which means most of the use cases are affected.
> > However, what this fix does is to add "an identifier" to the locks to
> > avoid potential deadlock without touching working logic; plus, this fix
> > has been backported to multiple stable trees, expect very low regression
> > potential. If such happens, it is probably a denial of service.
> > 
> > Eric Dumazet (1):
> >   af_unix: fix lockdep positive in sk_diag_dump_icons()
> > 
> > Yuxuan Luo (1):
> >   UBUNTU: SAUCE: af_unix: fix lockdep positive in sk_diag_dump_icons()
> > 
> >  include/net/af_unix.h       | 20 ++++++++++++++------
> >  net/unix/af_unix.c          | 14 ++++++--------
> >  net/unix/diag.c             |  2 +-
> >  security/apparmor/af_unix.c | 12 +++++-------
> >  4 files changed, 26 insertions(+), 22 deletions(-)
> > 
> > -- 
> > 2.34.1
> > 
> > 
> > -- 
> > kernel-team mailing list
> > kernel-team at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/kernel-team
> 
> This is part of upstream stable updates that have been applied to focal
> and jammy already:
> 
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2059014
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2058948
> 
> I am currently preparing a mantic patchset that also carries this fix
> which will be submitted to the mailing list shortly.
> 
> -- 
>  Manuel

Revoking the NACK. In agreement with the stable team, this patch should
be accepted and CVE numbers will be amended to the commit messages.

Acked-by: Manuel Diewald <manuel.diewald at canonical.com>

-- 
 Manuel
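The lock-order report quoted under [Impact], reproduced with a small user-space validator. This is an added example, not part of the thread or of the kernel patch. It only models the idea that lock ordering is tracked per lock class and subclass (the `/1` in `&u->lock/1`), so an inversion recorded between two code paths goes away when one path uses its own subclass. The class names, the numbering and the helper functions are hypothetical, and the check covers direct AB/BA inversions only.

```c
#include <stdio.h>
#include <string.h>

/* Constructed lock classes: names follow the report, numbering is hypothetical. */
enum { CLS_U_LOCK_0, CLS_U_LOCK_1, CLS_U_LOCK_2, CLS_RLOCK, NCLS };

static int edge[NCLS][NCLS];   /* edge[a][b] = 1: b was taken while a was held */
static int held[8], depth;

static void validator_reset(void)
{
    memset(edge, 0, sizeof edge);
    depth = 0;
}

/* Record the acquisition; return 1 if it inverts an order seen earlier. */
static int acquire(int cls)
{
    int inverted = 0;
    for (int i = 0; i < depth; i++) {
        if (edge[cls][held[i]])      /* held[i] was once taken under cls */
            inverted = 1;
        edge[held[i]][cls] = 1;
    }
    held[depth++] = cls;
    return inverted;
}

static void release_all(void) { depth = 0; }

/* Path A: state lock, then receive-queue lock. Path B: the reverse order. */
static int run_paths(int subclass_a, int subclass_b)
{
    int bad = 0;
    validator_reset();
    bad |= acquire(subclass_a); bad |= acquire(CLS_RLOCK); release_all();
    bad |= acquire(CLS_RLOCK);  bad |= acquire(subclass_b); release_all();
    return bad;
}

int main(void)
{
    printf("both paths use subclass 1: inversion=%d\n",
           run_paths(CLS_U_LOCK_1, CLS_U_LOCK_1));
    printf("second path uses its own subclass: inversion=%d\n",
           run_paths(CLS_U_LOCK_1, CLS_U_LOCK_2));
    return 0;
}
```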


