From patchwork Tue May 9 23:50:38 2023
X-Patchwork-Submitter: Yuxuan Luo
X-Patchwork-Id: 1779140
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [SRU][K/J/F][PATCH 0/3] CVE-2022-4269
Date: Tue, 9 May 2023 19:50:38 -0400
Message-Id: <20230509235043.69974-1-yuxuan.luo@canonical.com>

[Impact]
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a
specific networking configuration (redirecting egress packets to ingress using
TC action "mirred") a local unprivileged user could trigger a CPU soft lockup
(ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a
retransmission, resulting in a denial of service condition.

[Backport]
For Kinetic and Jammy, the fix commit is a clean cherry pick, but a build error
occurs at `mirred_nest_level` not found. In order to fix this problem, backport
78dcdffe0418 (“net/sched: act_mirred: better wording on protection against
excessive stack growth”); this commit renamed some variables, which solves the
error of the fix commit.

For Focal, in addition to the commits above, three commits have to be
backported to solve a conflict: 1d14b30b5a5e, fa6d639930ee, and ef816f3c49c1.
Then, backport the part that affects `act_mirred.c` in the 26b537a88ca5 commit
to introduce the required `tcf_action_inc_overlimit_qstats()` function.

[Test]
Compile and smoke tested.

[Potential Regression]
Expecting really low potential regression for Kinetic and Jammy as the two
commits only refactor and add some checks.
For Focal, the additional four commits mainly aim at refactoring and introduce
a function that only has one caller, so the regression potential should not be
higher by a significant amount.

Davide Caratti (1):
  act_mirred: use the backlog for nested calls to mirred ingress

 net/sched/act_mirred.c                        |  7 +++
 .../selftests/net/forwarding/tc_actions.sh    | 49 ++++++++++++++++++-
 2 files changed, 55 insertions(+), 1 deletion(-)

Acked-by: Tim Gardner
Acked-by: Cengiz Can