APPLIED: [SRU][J/F][PATCH 0/2] CVE-2024-38570
Roxana Nicolescu
roxana.nicolescu at canonical.com
Mon Aug 26 06:57:53 UTC 2024
On 16/08/2024 20:07, Bethany Jamison wrote:
> [Impact]
>
> gfs2: Fix potential glock use-after-free on unmount
>
> When a DLM lockspace is released and there are still locks in that
> lockspace, DLM will unlock those locks automatically. Commit
> fb6791d started exploiting this behavior to speed up filesystem
> unmount: gfs2 would simply free glocks it didn't want to unlock and then
> release the lockspace. This didn't take the bast callbacks for
> asynchronous lock contention notifications into account, which remain
> active until a lock is unlocked or its lockspace is released.
>
> To prevent those callbacks from accessing deallocated objects, put the
> glocks that should not be unlocked on the sd_dead_glocks list, release
> the lockspace, and only then free those glocks.
>
> As an additional measure, ignore unexpected ast and bast callbacks if
> the receiving glock is dead.
>
> [Fix]
>
> Noble: released
> Jammy: Cleanly cherry-picked prereq commit, backported fix commit:
> context conflicts from neighboring lines, shouldn't affect the
> fix changes
> Focal: same as Jammy but with slightly different neighboring context
> conflicts so the Jammy patch unfortunately couldn't be applied
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: won't fix
>
> [Test Case]
>
> Compiled
>
> [Where problems could occur]
>
> This fix affects those who use GFS2 (Global File System 2), an issue
> with this fix would be visible to the user via unexpected system
> behavior or a system crash.
>
> Andreas Gruenbacher (2):
> gfs2: Rename sd_{ glock => kill }_wait
> gfs2: Fix potential glock use-after-free on unmount
>
> fs/gfs2/glock.c | 41 +++++++++++++++++++++++++++++++++++------
> fs/gfs2/glock.h | 1 +
> fs/gfs2/incore.h | 3 ++-
> fs/gfs2/lock_dlm.c | 12 +++++++++++-
> fs/gfs2/ops_fstype.c | 3 ++-
> fs/gfs2/super.c | 3 ---
> 6 files changed, 51 insertions(+), 12 deletions(-)
>
Applied to jammy:linux, focal:linux master-next branches. Thanks!
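
The ordering described in the quoted commit message (park, release the lockspace, then free), as an added userspace model in C. It is not code from the gfs2 patch or from either poster; every name except sd_dead_glocks (struct sbd, bast, park_dead, release_lockspace, free_dead_glocks, the pending array) is a hypothetical stand-in.

```c
#include <stdlib.h>
/* Userspace model; every name except sd_dead_glocks is hypothetical. */
struct glock { int dead, handled; struct glock *next; };
struct sbd {
    struct glock *sd_dead_glocks;  /* parked until the lockspace is gone */
    struct glock *pending[4];      /* constructed: basts still in flight */
    int n_pending, ignored, freed;
};

/* bast handler with the extra guard: a dead glock is never acted on. */
static void bast(struct sbd *sd, struct glock *gl) {
    if (gl->dead) { sd->ignored++; return; }
    gl->handled++;
}

/* Step 1: park the glock on the dead list instead of freeing it. */
static void park_dead(struct sbd *sd, struct glock *gl) {
    gl->dead = 1;
    gl->next = sd->sd_dead_glocks;
    sd->sd_dead_glocks = gl;
}

/* Step 2: in-flight callbacks land here, while the memory is still valid. */
static void release_lockspace(struct sbd *sd) {
    while (sd->n_pending > 0)
        bast(sd, sd->pending[--sd->n_pending]);
}

/* Step 3: no callback can fire any more, so freeing is safe. */
static void free_dead_glocks(struct sbd *sd) {
    for (struct glock *gl; (gl = sd->sd_dead_glocks) != NULL; sd->freed++) {
        sd->sd_dead_glocks = gl->next;
        free(gl);
    }
}

/* Runs the three steps in order over two constructed glocks. */
static struct sbd unmount_demo(void) {
    struct sbd sd = {0};
    for (int i = 0; i < 2; i++) {
        struct glock *gl = calloc(1, sizeof(*gl));
        if (!gl) abort();
        sd.pending[sd.n_pending++] = gl;
        park_dead(&sd, gl);
    }
    release_lockspace(&sd);
    free_dead_glocks(&sd);
    return sd;
}
int main(void) { struct sbd sd = unmount_demo(); return !(sd.ignored == 2 && sd.freed == 2); }
```

Swapping steps 2 and 3 in unmount_demo would have bast read freed memory, which is the use-after-free the fix closes.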