ACK: [SRU Bionic 0/2] CVE-2020-36322 and CVE-2021-28950
Kelsey Skunberg
kelsey.skunberg at canonical.com
Thu Oct 14 00:00:58 UTC 2021
Acked-by: Kelsey Skunberg <kelsey.skunberg at canonical.com>
On 2021-10-13 16:18:54 , Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> Unprivileged users could mount a fuse filesystem and trigger a BUG_ON or
> a soft lockup.
>
> [Test case]
> A test was found for the first issue, but not the second. The fix works for
> that first one.
>
> [Backport]
> The backport had a lot of conflicts due to context. As the nature of the fix
> was basically replacing is_bad_inode with fuse_is_bad and adding the check
> for fuse_is_bad, it is not that hard to review that the end result is as expected.
>
> [Potential regression]
> FUSE filesystems may lock up, trigger BUGs, or fail to respond. It is more
> likely to happen due to malicious actions. So, there is a chance that
> forcing bad inodes may lead to other potential hiccups.
>
> Amir Goldstein (1):
> fuse: fix live lock in fuse_iget()
>
> Miklos Szeredi (1):
> fuse: fix bad inode
>
> fs/fuse/acl.c | 6 ++++++
> fs/fuse/dir.c | 41 ++++++++++++++++++++++++++++++++++++-----
> fs/fuse/file.c | 21 ++++++++++++---------
> fs/fuse/fuse_i.h | 13 +++++++++++++
> fs/fuse/inode.c | 2 +-
> fs/fuse/xattr.c | 9 +++++++++
> 6 files changed, 77 insertions(+), 15 deletions(-)
>
> --
> 2.30.2
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list