mbox series

[SRU,Lunar/Jammy-OEM-6.0/Jammy-OEM-6.1,0/1] CVE-2023-2176

Message ID 20230601144855.30252-1-yuxuan.luo@canonical.com
Headers show
Series CVE-2023-2176 | expand

Message

Yuxuan Luo June 1, 2023, 2:48 p.m. UTC 
[Impact]
Under a race condition, the drivers/infiniband/core/cma would have multiple
entries with identical key value in a red-black tree, causing
slab-out-of-bound read.

[Backport]
It is a clean cherry for all three affected kernels.

[Test]
Compile and boot tested.

[Potential Regression]
Expecting relatively low potential of regression since the function logic is
simplified in fact.

Patrisious Haddad (1):
  RDMA/core: Refactor rdma_bind_addr

 drivers/infiniband/core/cma.c | 253 +++++++++++++++++-----------------
 1 file changed, 130 insertions(+), 123 deletions(-)

Comments

Tim Gardner June 1, 2023, 3:01 p.m. UTC | #1 
On 6/1/23 8:48 AM, Yuxuan Luo wrote:
> [Impact]
> Under a race condition, the drivers/infiniband/core/cma would have multiple
> entries with identical key value in a red-black tree, causing
> slab-out-of-bound read.
> 
> [Backport]
> It is a clean cherry for all three affected kernels.
> 
> [Test]
> Compile and boot tested.
> 
> [Potential Regression]
> Expecting relatively low potential of regression since the function logic is
> simplified in fact.
> 
> Patrisious Haddad (1):
>    RDMA/core: Refactor rdma_bind_addr
> 
>   drivers/infiniband/core/cma.c | 253 +++++++++++++++++-----------------
>   1 file changed, 130 insertions(+), 123 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Andrei Gherzan June 2, 2023, 2:14 p.m. UTC | #2 
On 23/06/01 10:48AM, Yuxuan Luo wrote:
> [Impact]
> Under a race condition, the drivers/infiniband/core/cma would have multiple
> entries with identical key value in a red-black tree, causing
> slab-out-of-bound read.
> 
> [Backport]
> It is a clean cherry for all three affected kernels.
> 
> [Test]
> Compile and boot tested.
> 
> [Potential Regression]
> Expecting relatively low potential of regression since the function logic is
> simplified in fact.
> 
> Patrisious Haddad (1):
>   RDMA/core: Refactor rdma_bind_addr
> 
>  drivers/infiniband/core/cma.c | 253 +++++++++++++++++-----------------
>  1 file changed, 130 insertions(+), 123 deletions(-)
> 
> -- 
> 2.34.1

Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>
Luke Nowakowski-Krijger June 12, 2023, 8:29 p.m. UTC | #3 
Applied to lunar:linux master-next,

Thanks!
- Luke

On Thu, Jun 1, 2023 at 7:49 AM Yuxuan Luo <yuxuan.luo@canonical.com> wrote:

> [Impact]
> Under a race condition, the drivers/infiniband/core/cma would have multiple
> entries with identical key value in a red-black tree, causing
> slab-out-of-bound read.
>
> [Backport]
> It is a clean cherry for all three affected kernels.
>
> [Test]
> Compile and boot tested.
>
> [Potential Regression]
> Expecting relatively low potential of regression since the function logic
> is
> simplified in fact.
>
> Patrisious Haddad (1):
>   RDMA/core: Refactor rdma_bind_addr
>
>  drivers/infiniband/core/cma.c | 253 +++++++++++++++++-----------------
>  1 file changed, 130 insertions(+), 123 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
Timo Aaltonen June 13, 2023, 1:42 p.m. UTC | #4 
Yuxuan Luo kirjoitti 1.6.2023 klo 17.48:
> [Impact]
> Under a race condition, the drivers/infiniband/core/cma would have multiple
> entries with identical key value in a red-black tree, causing
> slab-out-of-bound read.
> 
> [Backport]
> It is a clean cherry for all three affected kernels.
> 
> [Test]
> Compile and boot tested.
> 
> [Potential Regression]
> Expecting relatively low potential of regression since the function logic is
> simplified in fact.
> 
> Patrisious Haddad (1):
>    RDMA/core: Refactor rdma_bind_addr
> 
>   drivers/infiniband/core/cma.c | 253 +++++++++++++++++-----------------
>   1 file changed, 130 insertions(+), 123 deletions(-)
> 

applied to oem kernels, thanks