[SRU][F/J/M][PATCH 0/2] CVE-2024-26624

Yuxuan Luo yuxuan.luo at canonical.com
Wed Mar 27 00:18:33 UTC 2024


[Impact]
A potential deadlock is found in the AF_UNIX subsystem; the scenario is
shown below:

      CPU0                    CPU1
      ----                    ----
 lock(&u->lock/1);
                              lock(rlock-AF_UNIX);
                              lock(&u->lock/1);
 lock(rlock-AF_UNIX);

*** DEADLOCK ***
Such a deadlock could lead to serious denial of service and system crash.

[Backport]
The fix is a clean cherry pick.

However, the modified function has been copied to our own trees
(security/apparmor/af_unix.c); therefore, a sauce patch is needed to
synchronize the change.

[Test]
Compile and boot tested.

[Where things could go wrong]
The fix touches af_unix.c, which means most of the use cases are affected.
However, what this fix does is to add "an identifier" to the locks to
avoid potential deadlock without touching working logic; plus, this fix
has been backported to multiple stable trees, so expect very low regression
potential. If a regression does happen, it is probably a denial of service.

Eric Dumazet (1):
  af_unix: fix lockdep positive in sk_diag_dump_icons()

Yuxuan Luo (1):
  UBUNTU: SAUCE: af_unix: fix lockdep positive in sk_diag_dump_icons()

 include/net/af_unix.h       | 20 ++++++++++++++------
 net/unix/af_unix.c          | 14 ++++++--------
 net/unix/diag.c             |  2 +-
 security/apparmor/af_unix.c | 12 +++++-------
 4 files changed, 26 insertions(+), 22 deletions(-)

-- 
2.34.1
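
The lock-order scenario in the [Impact] section, replayed through a small class-based ordering checker. This is an added example, not code from the patch series or the kernel. It assumes a validator that tracks ordering per (lock, subclass) class rather than per lock instance, and that the path taking u->lock while holding rlock-AF_UNIX is the one given its own identifier; all names in the code are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Lock classes as a validator keyed on (lock, subclass) sees them.
 * Hypothetical names, chosen to mirror the notation in the report. */
enum cls { U_LOCK_SUB1, U_LOCK_SUB_DIAG, RLOCK_AF_UNIX, NCLS };

static bool edge[NCLS][NCLS];   /* edge[a][b]: b was taken while a was held */

static void reset_graph(void) { memset(edge, 0, sizeof(edge)); }

/* Is there a recorded ordering path from -> ... -> to? */
static bool reaches(enum cls from, enum cls to, bool *seen)
{
    if (from == to) return true;
    seen[from] = true;
    for (int n = 0; n < NCLS; n++)
        if (edge[from][n] && !seen[n] && reaches((enum cls)n, to, seen))
            return true;
    return false;
}

/* Record "take `next` while holding `held`"; true if this closes a cycle. */
static bool acquire_while_holding(enum cls held, enum cls next)
{
    bool seen[NCLS] = { false };
    bool inversion = reaches(next, held, seen);
    edge[held][next] = true;
    return inversion;
}

/* Replay both columns of the report. diag_cls is the class the
 * rlock-holding path uses for its nested u->lock acquisition. */
static bool scenario_reports_inversion(enum cls diag_cls)
{
    reset_graph();
    bool a = acquire_while_holding(U_LOCK_SUB1, RLOCK_AF_UNIX); /* CPU0 */
    bool b = acquire_while_holding(RLOCK_AF_UNIX, diag_cls);    /* CPU1 */
    return a || b;
}

int main(void)
{
    printf("shared subclass:   %d\n", scenario_reports_inversion(U_LOCK_SUB1));
    printf("distinct subclass: %d\n", scenario_reports_inversion(U_LOCK_SUB_DIAG));
    return 0;
}
```

With both paths on subclass 1 the checker sees u->lock/1 -> rlock and rlock -> u->lock/1 and reports the cycle; with a separate subclass on the second path the two edges no longer meet.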



