APPLIED [OEM-5.17/OEM-6.0/OEM-6.1] Re: [SRU][L/K/J/F/OEM-5.17/OEM-6.0/OEM-6.1][PATCH 0/1] shiftfs: fix locking in shiftfs_create_object()
Timo Aaltonen
tjaalton at ubuntu.com
Thu May 18 12:00:52 UTC 2023
Thadeu Lima de Souza Cascardo kirjoitti 10.5.2023 klo 23.44:
> [Impact]
>
> In shiftfs_create_object() we use the lower dir inode operations without
> properly locking the inode on the lower dir object.
>
> When unprivileged user namespaces are enabled, which is the default, this
> could be exploited by an unprivileged user to trigger system crashes or
> soft lockups.
>
> [Test case]
>
> A PoC triggering a soft lockup was tested.
>
> [Fix]
>
> Make sure to properly lock the lower dir inode before accessing the
> inode_operations object.
>
> [Regression potential]
>
> This patch only affects shiftfs, so we may only notice regressions with
> shiftfs (even if the fix is pretty trivial).
>
applied to oem kernels, thanks
--
t
More information about the kernel-team
mailing list