APPLIED/Cmnt: [SRU][F/J/M][PATCH 0/2] CVE-2024-26624

Stefan Bader stefan.bader at canonical.com
Wed Mar 27 15:43:32 UTC 2024


On 27.03.24 01:18, Yuxuan Luo wrote:
> [Impact]
> A potential deadlock is found in the AF_UNIX subsystem, the scenario is
> shown below:
> 
>        CPU0                    CPU1
>        ----                    ----
>   lock(&u->lock/1);
>                                lock(rlock-AF_UNIX);
>                                lock(&u->lock/1);
>   lock(rlock-AF_UNIX);
> 
> *** DEADLOCK ***
> Such deadlock could lead to serious denial of service and system crash.
> 
> [Backport]
> The fix is a clean cherry pick.
> 
> However, the modified function has been copied to our own trees
> (security/apparmor/af_unix.c), therefore, a sauce patch is needed to
> synchronize the change.
> 
> [Test]
> Compile and boot tested.
> 
> [Where things could go wrong]
> The fix touches af_unix.c which means most of the use cases are affected.
> However, what this fix does is to add "an identifier" to the locks to
> avoid potential deadlock without touching working logic; plus, this fix
> has been backported to multiple stable trees, expect very low regression
> potential. If such happens, it is probably a denial of service.
> 
> Eric Dumazet (1):
>    af_unix: fix lockdep positive in sk_diag_dump_icons()
> 
> Yuxuan Luo (1):
>    UBUNTU: SAUCE: af_unix: fix lockdep positive in sk_diag_dump_icons()
> 
>   include/net/af_unix.h       | 20 ++++++++++++++------
>   net/unix/af_unix.c          | 14 ++++++--------
>   net/unix/diag.c             |  2 +-
>   security/apparmor/af_unix.c | 12 +++++-------
>   4 files changed, 26 insertions(+), 22 deletions(-)
> 
As stated in Manuel's reply this already was applied to Jammy and Focal. 
I applied the modified commit message of #2 to Mantic and reworded the 
respective change in Jammy and Focal accordingly. Also added the CVE 
number there. And also to patch #1 in Mantic.

Applied to mantic,jammy,focal:linux/master-next. Thanks.

-Stefan
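
The lock-order inversion in the quoted [Impact] diagram, as an added example (not part of this mail or of the kernel patch): a minimal model of lockdep-style class-order checking, showing why giving one acquisition its own class identifier removes the reported cycle. The class name `&u->lock/2`, and the choice of CPU1's `u->lock` as the acquisition that gets it, are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_CLASSES 8 /* the constructed scenario uses three classes */
struct lock_graph {
    const char *name[MAX_CLASSES];
    bool edge[MAX_CLASSES][MAX_CLASSES]; /* edge[a][b]: b taken while a held */
    int n;
};

static int class_id(struct lock_graph *g, const char *name) {
    for (int i = 0; i < g->n; i++)
        if (strcmp(g->name[i], name) == 0)
            return i;
    g->name[g->n] = name;
    return g->n++;
}

static bool reachable(const struct lock_graph *g, int from, int to, bool *seen) {
    if (from == to)
        return true;
    seen[from] = true;
    for (int i = 0; i < g->n; i++)
        if (g->edge[from][i] && !seen[i] && reachable(g, i, to, seen))
            return true;
    return false;
}

/* Record "next taken while held is held"; false if that edge closes a cycle. */
static bool acquire_while_holding(struct lock_graph *g, const char *held, const char *next) {
    int a = class_id(g, held), b = class_id(g, next);
    bool seen[MAX_CLASSES] = { false };
    if (reachable(g, b, a, seen))
        return false;
    g->edge[a][b] = true;
    return true;
}

/* Replay CPU0 then CPU1; cpu1_class (e.g. the assumed "&u->lock/2") is the class of CPU1's u->lock. */
bool orders_are_safe(const char *cpu1_class) {
    struct lock_graph g = { 0 };
    bool cpu0 = acquire_while_holding(&g, "&u->lock/1", "rlock-AF_UNIX");
    return acquire_while_holding(&g, "rlock-AF_UNIX", cpu1_class) && cpu0;
}

int main(void) {
    printf("shared class: %d, distinct class: %d\n", orders_are_safe("&u->lock/1"), orders_are_safe("&u->lock/2"));
    return 0;
}
```

The validator works on lock classes rather than lock instances, so two acquisitions that can never involve the same socket still report an inversion until one of them carries a separate class.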