APPLIED[K]/REJECT[J/F]: [SRU][K/J/F][PATCH 0/3] CVE-2022-4269

Stefan Bader stefan.bader at canonical.com
Thu May 11 09:46:31 UTC 2023


On 10.05.23 01:50, Yuxuan Luo wrote:
> [Impact]
> A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using
> a specific networking configuration (redirecting egress packets to ingress
> using TC action "mirred") a local unprivileged user could trigger a CPU
> soft lockup (ABBA deadlock) when the transport protocol in use (TCP or
> SCTP) does a retransmission, resulting in a denial of service condition.
> 
> [Backport]
> For Kinetic and Jammy, the fix commit is a clean cherry pick, but a build error
> occurs: `mirred_nest_level` not found. In order to fix this problem, backport
> 78dcdffe0418 (“net/sched: act_mirred: better wording on protection against
> excessive stack growth”); this commit renamed some variables, which solves
> the error of the fix commit.
> 
> For Focal, in addition to the commits above, three commits have to be backported
> to solve a conflict, 1d14b30b5a5e, fa6d639930ee, and ef816f3c49c1. Then,
> backport the part that affects `act_mirred.c` in the 26b537a88ca5 commit to
> introduce the required `tcf_action_inc_overlimit_qstats()` function.
> 
> [Test]
> Compile and smoke tested.
> 
> [Potential Regression]
> Expecting really low potential regression for Kinetic and Jammy as the two
> commits only refactor and add some checks.
> For Focal, the additional four commits mainly aim at refactoring and introduce
> a function that only has one caller, so the regression potential should not be
> higher by a significant amount.
> 
> Davide Caratti (1):
>    act_mirred: use the backlog for nested calls to mirred ingress
> 
>   net/sched/act_mirred.c                        |  7 +++
>   .../selftests/net/forwarding/tc_actions.sh    | 49 ++++++++++++++++++-
>   2 files changed, 55 insertions(+), 1 deletion(-)
> 

Applied to kinetic:linux/master-next. But what is on the list does not 
apply cleanly to either Jammy or Focal. Jammy is minor in patch 1/2 
and about Jammy not having defined the same tests... For Focal I get the 
impression that you mention the absence of tcf_mirred_forward() but have 
not adjusted accordingly. Please submit those again in a manner that 
applies cleanly. Thanks.

-Stefan