[SRU,L/K/J/F/OEM-5.17/OEM-6.0/OEM-6.1,0/1] shiftfs: fix locking in shiftfs_create_object()

Message ID 20230510204413.615426-1-cascardo@canonical.com

Message

Thadeu Lima de Souza Cascardo May 10, 2023, 8:44 p.m. UTC
[Impact]

In shiftfs_create_object() we use the lower dir inode operations without
properly locking the inode on the lower dir object.

When unprivileged user namespaces are enabled, which is the default, this
could be exploited by an unprivileged user to trigger system crashes or
soft lockups.

[Test case]

A PoC triggering a soft lockup was tested.

[Fix]

Make sure to properly lock the lower dir inode before accessing the
inode_operations object.

[Regression potential]

This patch only affects shiftfs, so we may only notice regressions with
shiftfs (even if the fix is pretty trivial).
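
The two exposure conditions named under [Impact] (shiftfs present, unprivileged user namespaces enabled) can be checked on a host as follows. This is an added example, not part of the original message or of the patch; the function names and status words are hypothetical, and it assumes the Ubuntu/Debian sysctl kernel.unprivileged_userns_clone plus the upstream user.max_user_namespaces.

```shell
#!/bin/sh
# Added example: report whether the preconditions from [Impact] hold on a host.
# File paths are parameters so the check can also run against saved copies.

# shiftfs_registered FILE
# Succeeds if FILE (same format as /proc/filesystems) lists shiftfs.
shiftfs_registered() {
    awk '$NF == "shiftfs" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# userns_unprivileged CLONE_FILE MAX_FILE
# Succeeds unless one of the sysctl files is readable and contains 0.
# A missing file is treated as "not restricted" (conservative assumption).
userns_unprivileged() {
    if [ -r "$1" ] && [ "$(cat "$1")" = "0" ]; then return 1; fi
    if [ -r "$2" ] && [ "$(cat "$2")" = "0" ]; then return 1; fi
    return 0
}

# shiftfs_exposure FS_FILE CLONE_FILE MAX_FILE
# Prints one status word (hypothetical labels chosen for this example).
shiftfs_exposure() {
    if ! shiftfs_registered "$1"; then
        # Not registered right now; the module may still be loadable.
        echo "shiftfs-not-registered"
    elif userns_unprivileged "$2" "$3"; then
        # Both preconditions hold: confirm the running kernel carries the fix.
        echo "review"
    else
        echo "userns-restricted"
    fi
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    shiftfs_exposure /proc/filesystems \
        /proc/sys/kernel/unprivileged_userns_clone \
        /proc/sys/user/max_user_namespaces
fi
```

A result of "review" only means the preconditions hold; whether the fix is present depends on the installed kernel package.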

Comments

John Cabaj May 10, 2023, 8:55 p.m. UTC | #1
On 5/10/23 3:44 PM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> 
> In shiftfs_create_object() we use the lower dir inode operations without
> properly locking the inode on the lower dir object.
> 
> When unprivileged user namespaces are enabled, which is the default, this
> could be exploited by an unprivileged user to trigger system crashes or
> soft lockups.
> 
> [Test case]
> 
> A PoC triggering a soft lockup was tested.
> 
> [Fix]
> 
> Make sure to properly lock the lower dir inode before accessing the
> inode_operations object.
> 
> [Regression potential]
> 
> This patch only affects shiftfs, so we may only notice regressions with
> shiftfs (even if the fix is pretty trivial).
> 
> 
> 

Acked-by: John Cabaj <john.cabaj@canonical.com>
Cory Todd May 10, 2023, 8:55 p.m. UTC | #2
On Wed, May 10, 2023 at 05:44:12PM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> 
> In shiftfs_create_object() we use the lower dir inode operations without
> properly locking the inode on the lower dir object.
> 
> When unprivileged user namespaces are enabled, which is the default, this
> could be exploited by an unprivileged user to trigger system crashes or
> soft lockups.
> 
> [Test case]
> 
> A PoC triggering a soft lockup was tested.
> 
> [Fix]
> 
> Make sure to properly lock the lower dir inode before accessing the
> inode_operations object.
> 
> [Regression potential]
> 
> This patch only affects shiftfs, so we may only notice regressions with
> shiftfs (even if the fix is pretty trivial).
> 
> 
> 
> -- 
Acked-by: Cory Todd <cory.todd@canonical.com>
Luke Nowakowski-Krijger May 11, 2023, 4:19 p.m. UTC | #3
Applied to lunar, kinetic, jammy, focal linux master-next

Thanks,
- Luke

On Wed, May 10, 2023 at 10:44 PM Thadeu Lima de Souza Cascardo <
cascardo@canonical.com> wrote:

> [Impact]
>
> In shiftfs_create_object() we use the lower dir inode operations without
> properly locking the inode on the lower dir object.
>
> When unprivileged user namespaces are enabled, which is the default, this
> could be exploited by an unprivileged user to trigger system crashes or
> soft lockups.
>
> [Test case]
>
> A PoC triggering a soft lockup was tested.
>
> [Fix]
>
> Make sure to properly lock the lower dir inode before accessing the
> inode_operations object.
>
> [Regression potential]
>
> This patch only affects shiftfs, so we may only notice regressions with
> shiftfs (even if the fix is pretty trivial).
>
>
>
Timo Aaltonen May 18, 2023, noon UTC | #4
Thadeu Lima de Souza Cascardo wrote on 10.5.2023 at 23.44:
> [Impact]
> 
> In shiftfs_create_object() we use the lower dir inode operations without
> properly locking the inode on the lower dir object.
> 
> When unprivileged user namespaces are enabled, which is the default, this
> could be exploited by an unprivileged user to trigger system crashes or
> soft lockups.
> 
> [Test case]
> 
> A PoC triggering a soft lockup was tested.
> 
> [Fix]
> 
> Make sure to properly lock the lower dir inode before accessing the
> inode_operations object.
> 
> [Regression potential]
> 
> This patch only affects shiftfs, so we may only notice regressions with
> shiftfs (even if the fix is pretty trivial).
> 

applied to oem kernels, thanks