APPLIED: [SRU][F][PATCH 0/1] CVE-2023-52497

Stefan Bader stefan.bader at canonical.com
Fri Oct 11 09:50:30 UTC 2024 

On 10.10.24 21:52, Jacob Martin wrote:
> [Impact]
> 
> The kernel's LZ4 decompression algorithm expects that data being in-place
> decompressed is located at the end of the end of the output buffer. The EROFS
> implementation will map in and out buffers without a guarantee on their
> ordering. While this is incorrect behavior on all CPUs, x86 CPUs declaring the
> FSRM capability have a memmove implementation that is particularly affected by
> this misordering, resulting in frequent data corruption. Resolve the issue by
> always using the output buffer for in-place decompression, with the compressed
> data placed at the end of it.
> 
> [Fix]
> 
> Noble: Fix released
> Jammy: Fix released
> Focal: Clean cherry-pick from linux-5.10.y stable branch
> Bionic: Not affected
> Xenial: Not affected
> Trusty: Not affected
> 
> [Test Case]
> 
> Compile tested. Verified that an EROFS filesystem could be created, mounted,
> and read from with its data intact while this patch was applied.
> 
> # mkdir erofs_test_data erofs_test_mnt
> # for i in {0..9}; do dd if=/dev/urandom of="erofs_test_data/test$i" bs=1M count=1; done
> # mkfs.erofs -z lz4 erofs_test.img erofs_test_data
> # modprobe erofs
> # mount -o loop erofs_test.img erofs_test_mnt
> # diff -qr erofs_test_data erofs_test_mnt
> 
> [Where problems could occur]
> 
> This fix modifies the LZO decompression behavior of the EROFS filesystem
> specifically.  Issues with this fix are likely to only affect use of the EROFS
> filesystem.
> 
> Gao Xiang (1):
>    erofs: fix lz4 inplace decompression
> 
>   fs/erofs/decompressor.c | 24 ++++++++++++++----------
>   1 file changed, 14 insertions(+), 10 deletions(-)
> 

Applied to focal:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20241011/34f6ba80/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20241011/34f6ba80/attachment-0001.sig>

More information about the kernel-team mailing list