Subject: [SRU groovy 0/9] CVE-2021-3347
From: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
Date: Tue Mar 9 17:03:23 UTC 2021
[Impact]
This fixes CVE-2021-3347, where userspace could provoke EFAULT during a futex
operation leading to inconsistent internal kernel state, which could then be
exploited. Privilege escalation cannot be ruled out.
[Test plan]
I tested stress-ng --futex, kselftest futex, glibc nptl tests, ltp futex tests,
perf bench futex, and some odd reproducers for past issues. No apparent
regressions.
[Potential regressions]
Futexes underpin pthreads, so parallel programs that use futexes for mutual
exclusion could fail or degrade, showing lockups, race conditions, or poor
performance.
[Fixes]
I ended up picking up some pre-req commits, rather than fixing up everything
with backports. Only one treewide commit was skipped and required a simple
backport. The pre-reqs were cleanups, rather than fixes for open bugs.
André Almeida (2):
  futex: Remove put_futex_key()
  futex: Remove needless goto's

Thomas Gleixner (7):
  futex: Replace pointless printk in fixup_owner()
  futex: Ensure the correct return value from futex_lock_pi()
  futex: Provide and use pi_state_update_owner()
  rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
  futex: Use pi_state_update_owner() in put_pi_state()
  futex: Simplify fixup_pi_state_owner()
  futex: Handle faults correctly for PI futexes
 kernel/futex.c                  | 300 ++++++++++++--------------------
 kernel/locking/rtmutex.c        |   3 +-
 kernel/locking/rtmutex_common.h |   3 +-
 3 files changed, 116 insertions(+), 190 deletions(-)
--
2.27.0