ACK: [SRU Impish,Hirsute,OEM-5.10,Focal,Bionic 0/2] CVE-2021-4083
Krzysztof Kozlowski
krzysztof.kozlowski at canonical.com
Mon Jan 24 08:51:40 UTC 2022
On 21/01/2022 15:26, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> A race condition during unix socket garbage collection may lead to a potential
> use-after-free for a struct file.
>
> [Backport]
> On 4.15 kernel, an additional commit was necessary. On 5.4 and 5.10 kernels,
> __fcheck_files was used instead, as it was renamed to files_lookup_fd_raw.
>
> This solution was also used on upstream stable backports.
>
> [Test case]
> There is no specific test case for this, but a stress on the unix garbage
> collection was tested.
>
> [Potential regression]
> These fixes impact every use of file descriptors, not only restricted to
> unix sockets. Some impact on workloads with races on creating and closing
> file descriptors is expected.
>
> Jens Axboe (1):
>   fs: add fget_many() and fput_many()
>
> Linus Torvalds (1):
>   fget: check that the fd still exists after getting a ref to it
>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>

Best regards,
Krzysztof