[SRU X/B/D/E/F 0/2] CVE-2020-12114

[Thadeu Lima de Souza Cascardo]

On Thu, May 14, 2020 at 11:51:06AM +0200, Kleber Souza wrote:
> On 14.05.20 02:35, Thadeu Lima de Souza Cascardo wrote:
> > From CVE description:
> >  A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x
> >  before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before
> >  4.19.119, and 5.x before 5.3 allows local users to cause a denial of
> >  service (panic) by corrupting a mountpoint reference counter.
> > 
> > Commit "fs/namespace.c: fix mountpoint reference counter race" was applied to
> > the stable series referenced above not coming from an upstream commit. That's
> > why it doesn't have an upstream commit.
> 
> Should we add instead a reference such as:
> 
> "(cherry-picked from commit f511dc75d22e0c000fc70b54f670c2c17f5fba9a linux-4.19.y)"
> 
> ?

Yes, I think that's a fine addition there. Thanks. Can you add that as
backported for X/B/D? It was a simple context fix.

Cascardo.

> 
> > 
> > I decided against prefixing the title with "UBUNTU: SAUCE:" because as this
> > might be applied to Xenial as coming from 4.4.x, it will not be prefixed as
> > such, and then we would have more than one title to match as a fix.
> > 
> > I tested pivot_root under mount namespaces and user namespaces, and smoke
> > tested lxd, snapd and docker as well.
> > 
> > Al Viro (1):
> >   propagate_one(): mnt_set_mountpoint() needs mount_lock
> > 
> > Piotr Krysiuk (1):
> >   fs/namespace.c: fix mountpoint reference counter race
> > 
> >  fs/namespace.c | 2 +-
> >  fs/pnode.c     | 9 ++++-----
> >  2 files changed, 5 insertions(+), 6 deletions(-)
> > 
>