[CVE-2017-18232,A,00/11] CVE-2017-18232

Message ID 20180523022759.22556-1-khalid.elmously@canonical.com

Message

Khalid Elmously May 23, 2018, 2:27 a.m. UTC
CVE-2017-18232

The first 4 patches are for cleanup purposes and are effectively no-ops. They make some of the later patches apply cleanly.

The remaining 7 patches are all part of the same series, which appears to be a re-working of the SAS event handling/queuing implementation.

Note that patch 10/11 is the one that effectively fixes the vulnerability (according to the CVE triage info) - however it seemed to me that patches 5-9 and patch 11 - all of which are part of the same series - are also needed, so I brought them in as well.

This CVE affects Trusty and Xenial in addition to Artful, however, I'm still working on the fix for Xenial which is proving more difficult, therefore sending just the Artful fix for now.

I've boot-tested this kernel but haven't run any scsi/sas-specific tests.


Jason Yan (11):
  scsi: libsas: kill useless ha_event and do some cleanup
  scsi: libsas: remove the numbering for each event enum
  scsi: libsas: remove unused port_gone_completion and DISCE_PORT_GONE
  scsi: libsas: rename notify_port_event() for consistency
  scsi: libsas: Use dynamic alloced work to avoid sas event lost
  scsi: libsas: shut down the PHY if events reached the threshold
  scsi: libsas: make the event threshold configurable
  scsi: libsas: Use new workqueue to run sas event and disco event
  scsi: libsas: use flush_workqueue to process disco events
    synchronously
  scsi: libsas: direct call probe and destruct
  scsi: libsas: notify event PORTE_BROADCAST_RCVD in
    sas_enable_revalidation()

 drivers/scsi/aic94xx/aic94xx_hwi.c    |   3 -
 drivers/scsi/hisi_sas/hisi_sas_main.c |   7 +-
 drivers/scsi/libsas/sas_ata.c         |   1 -
 drivers/scsi/libsas/sas_discover.c    |  34 ++++----
 drivers/scsi/libsas/sas_dump.c        |  10 ---
 drivers/scsi/libsas/sas_dump.h        |   1 -
 drivers/scsi/libsas/sas_event.c       | 102 +++++++++++++---------
 drivers/scsi/libsas/sas_expander.c    |   8 +-
 drivers/scsi/libsas/sas_init.c        | 117 +++++++++++++++++++++++---
 drivers/scsi/libsas/sas_internal.h    |   7 ++
 drivers/scsi/libsas/sas_phy.c         |  69 ++++++++-------
 drivers/scsi/libsas/sas_port.c        |  25 +++---
 include/scsi/libsas.h                 |  82 ++++++++----------
 include/scsi/scsi_transport_sas.h     |   1 +
 14 files changed, 288 insertions(+), 179 deletions(-)

Comments

Stefan Bader May 23, 2018, 10:40 a.m. UTC | #1
On 23.05.2018 04:27, Khalid Elmously wrote:
> CVE-2017-18232
> 
> The first 4 patches are for cleanup purposes and are effectively no-ops. They make some of the later patches apply cleanly.
> 
> The remaining 7 patches are all part of the same series, which appears to be a re-working of the SAS event handling/queuing implementation.
> 
> Note that patch 10/11 is the one that effectively fixes the vulnerability (according to the CVE triage info) - however it seemed to me that patches 5-9 and patch 11 - all of which are part of the same series - are also needed, so I brought them in as well.
> 
> This CVE affects Trusty and Xenial in addition to Artful, however, I'm still working on the fix for Xenial which is proving more difficult, therefore sending just the Artful fix for now.
> 
> I've boot-tested this kernel but haven't run any scsi/sas-specific tests.

This may work in Artful but it feels to me like too much change. This does not
scale moving further and further back. I could not spend too much time but my
gut feeling is that instead it should be possible to adapt that patch #10 in a
way that essentially does what the description says within the code that is
there. Adapting function names and so on. Which can make this applicable to
earlier releases even.

-Stefan

> 
> 
> Jason Yan (11):
>   scsi: libsas: kill useless ha_event and do some cleanup
>   scsi: libsas: remove the numbering for each event enum
>   scsi: libsas: remove unused port_gone_completion and DISCE_PORT_GONE
>   scsi: libsas: rename notify_port_event() for consistency
>   scsi: libsas: Use dynamic alloced work to avoid sas event lost
>   scsi: libsas: shut down the PHY if events reached the threshold
>   scsi: libsas: make the event threshold configurable
>   scsi: libsas: Use new workqueue to run sas event and disco event
>   scsi: libsas: use flush_workqueue to process disco events
>     synchronously
>   scsi: libsas: direct call probe and destruct
>   scsi: libsas: notify event PORTE_BROADCAST_RCVD in
>     sas_enable_revalidation()
> 
>  drivers/scsi/aic94xx/aic94xx_hwi.c    |   3 -
>  drivers/scsi/hisi_sas/hisi_sas_main.c |   7 +-
>  drivers/scsi/libsas/sas_ata.c         |   1 -
>  drivers/scsi/libsas/sas_discover.c    |  34 ++++----
>  drivers/scsi/libsas/sas_dump.c        |  10 ---
>  drivers/scsi/libsas/sas_dump.h        |   1 -
>  drivers/scsi/libsas/sas_event.c       | 102 +++++++++++++---------
>  drivers/scsi/libsas/sas_expander.c    |   8 +-
>  drivers/scsi/libsas/sas_init.c        | 117 +++++++++++++++++++++++---
>  drivers/scsi/libsas/sas_internal.h    |   7 ++
>  drivers/scsi/libsas/sas_phy.c         |  69 ++++++++-------
>  drivers/scsi/libsas/sas_port.c        |  25 +++---
>  include/scsi/libsas.h                 |  82 ++++++++----------
>  include/scsi/scsi_transport_sas.h     |   1 +
>  14 files changed, 288 insertions(+), 179 deletions(-)
>