ACK: [SRU][L/K/J/F/OEM-5.17/OEM-6.0/OEM-6.1][PATCH 0/1] shiftfs: fix locking in shiftfs_create_object()
Cory Todd
cory.todd at canonical.com
Wed May 10 20:55:51 UTC 2023
On Wed, May 10, 2023 at 05:44:12PM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
>
> In shiftfs_create_object() we use the lower dir inode operations without
> properly locking the inode on the lower dir object.
>
> When unprivileged user namespaces are enabled, which is the default, this
> could be exploited by an unprivileged user to trigger system crashes or
> soft lockups.
>
> [Test case]
>
> A PoC triggering a soft lockup was tested.
>
> [Fix]
>
> Make sure to properly lock the lower dir inode before accessing the
> inode_operations object.
>
> [Regression potential]
>
> This patch only affects shiftfs, so we may only notice regressions with
> shiftfs (even if the fix is pretty trivial).
>
>
>
> --
Acked-by: Cory Todd <cory.todd at canonical.com>
More information about the kernel-team
mailing list