[SRU][Focal][PATCH 0/1] CVE-2023-2269
Yuxuan Luo
yuxuan.luo at canonical.com
Fri Jul 28 19:40:15 UTC 2023
[Impact]
A denial of service problem was found, due to a possible recursive
locking scenario, resulting in a deadlock in table_clear in
drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing
sub-component.
[Backport]
Clean cherry pick.
[Test]
Tested against the following script to verify that the verity
functionality is not broken and ioctl is still working as intended:
```bash
IMG_SIZE=50M
VERITY_DEV=''
HASH_DEV=''
TARGET_DIR=/mnt/dmtest
ROOT_HASH=''
PARAM=''
# Prepare two loop devices
truncate -s $IMG_SIZE verity.img hash.img
losetup -f verity.img
VERITY_DEV=$(sudo losetup -j verity.img | awk -F: '{print $1}')
losetup -f hash.img
HASH_DEV=$(sudo losetup -j hash.img | awk -F: '{print $1}')
# Create the verity device
ROOT_HASH=`veritysetup format $VERITY_DEV $HASH_DEV
| tail -n 1
| awk '{print $3}'`
veritysetup create vroot $VERITY_DEV $HASH_DEV $ROOT_HASH
# Reload the verity device
PARAM=$(sudo dmsetup table | awk '{ret = $2 " " $3; print ret}')
dmsetup suspend vroot
# Expect this command to fail
dmsetup reload vroot --table "$PARAM linear $VERITY_DEV 0"
```
[Potential Regression]
Expect low regression potential.
Mike Snitzer (1):
dm ioctl: fix nested locking in table_clear() to remove deadlock
concern
drivers/md/dm-ioctl.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list