[SRU][L/K/J/F/OEM-5.17/OEM-6.0/OEM-6.1][PATCH 0/1] shiftfs: fix locking in shiftfs_create_object()

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Wed May 10 20:44:12 UTC 2023


[Impact]

In shiftfs_create_object() we use the lower dir inode operations without
properly locking the inode on the lower dir object.

When unprivileged user namespaces are enabled, which is the default, this
could be exploited by an unprivileged user to trigger system crashes or
soft lockups.

[Test case]

A PoC triggering a soft lockup was tested.

[Fix]

Make sure to properly lock the lower dir inode before accessing the
inode_operations object.

[Regression potential]

This patch only affects shiftfs, so we may only notice regressions with
shiftfs (even if the fix is pretty trivial).




