Message ID | 20230728194016.91196-1-yuxuan.luo@canonical.com |
---|---|
Headers | show |
Series | CVE-2023-2269 | expand |
On 7/28/23 1:40 PM, Yuxuan Luo wrote: > [Impact] > A denial of service problem was found, due to a possible recursive > locking scenario, resulting in a deadlock in table_clear in > drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing > sub-component. > > [Backport] > Clean cherry pick. > > [Test] > Tested against the following script to verify that the verity > functionality is not broken and ioctl is still working as intended: > > ```bash > IMG_SIZE=50M > VERITY_DEV='' > HASH_DEV='' > TARGET_DIR=/mnt/dmtest > ROOT_HASH='' > PARAM='' > > # Prepare two loop devices > truncate -s $IMG_SIZE verity.img hash.img > > losetup -f verity.img > VERITY_DEV=$(sudo losetup -j verity.img | awk -F: '{print $1}') > losetup -f hash.img > HASH_DEV=$(sudo losetup -j hash.img | awk -F: '{print $1}') > > # Create the verity device > ROOT_HASH=`veritysetup format $VERITY_DEV $HASH_DEV > | tail -n 1 > | awk '{print $3}'` > veritysetup create vroot $VERITY_DEV $HASH_DEV $ROOT_HASH > > # Reload the verity device > PARAM=$(sudo dmsetup table | awk '{ret = $2 " " $3; print ret}') > dmsetup suspend vroot > > # Expect this command to fail > dmsetup reload vroot --table "$PARAM linear $VERITY_DEV 0" > ``` > > [Potential Regression] > Expect low regression potential. > > Mike Snitzer (1): > dm ioctl: fix nested locking in table_clear() to remove deadlock > concern > > drivers/md/dm-ioctl.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
On Fri, 2023-07-28 at 15:40 -0400, Yuxuan Luo wrote: > [Impact] > A denial of service problem was found, due to a possible recursive > locking scenario, resulting in a deadlock in table_clear in > drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing > sub-component. > > [Backport] > Clean cherry pick. > > [Test] > Tested against the following script to verify that the verity > functionality is not broken and ioctl is still working as intended: > > ```bash > IMG_SIZE=50M > VERITY_DEV='' > HASH_DEV='' > TARGET_DIR=/mnt/dmtest > ROOT_HASH='' > PARAM='' > > # Prepare two loop devices > truncate -s $IMG_SIZE verity.img hash.img > > losetup -f verity.img > VERITY_DEV=$(sudo losetup -j verity.img | awk -F: '{print $1}') > losetup -f hash.img > HASH_DEV=$(sudo losetup -j hash.img | awk -F: '{print $1}') > > # Create the verity device > ROOT_HASH=`veritysetup format $VERITY_DEV $HASH_DEV > | tail -n 1 > | awk '{print $3}'` > veritysetup create vroot $VERITY_DEV $HASH_DEV $ROOT_HASH > > # Reload the verity device > PARAM=$(sudo dmsetup table | awk '{ret = $2 " " $3; print ret}') > dmsetup suspend vroot > > # Expect this command to fail > dmsetup reload vroot --table "$PARAM linear $VERITY_DEV 0" > ``` > > [Potential Regression] > Expect low regression potential. > > Mike Snitzer (1): > dm ioctl: fix nested locking in table_clear() to remove deadlock > concern Acked-by: Cengiz Can <cengiz.can@canonical.com> > > drivers/md/dm-ioctl.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > -- > 2.34.1 > >
On 28.07.23 21:40, Yuxuan Luo wrote: > [Impact] > A denial of service problem was found, due to a possible recursive > locking scenario, resulting in a deadlock in table_clear in > drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing > sub-component. > > [Backport] > Clean cherry pick. > > [Test] > Tested against the following script to verify that the verity > functionality is not broken and ioctl is still working as intended: > > ```bash > IMG_SIZE=50M > VERITY_DEV='' > HASH_DEV='' > TARGET_DIR=/mnt/dmtest > ROOT_HASH='' > PARAM='' > > # Prepare two loop devices > truncate -s $IMG_SIZE verity.img hash.img > > losetup -f verity.img > VERITY_DEV=$(sudo losetup -j verity.img | awk -F: '{print $1}') > losetup -f hash.img > HASH_DEV=$(sudo losetup -j hash.img | awk -F: '{print $1}') > > # Create the verity device > ROOT_HASH=`veritysetup format $VERITY_DEV $HASH_DEV > | tail -n 1 > | awk '{print $3}'` > veritysetup create vroot $VERITY_DEV $HASH_DEV $ROOT_HASH > > # Reload the verity device > PARAM=$(sudo dmsetup table | awk '{ret = $2 " " $3; print ret}') > dmsetup suspend vroot > > # Expect this command to fail > dmsetup reload vroot --table "$PARAM linear $VERITY_DEV 0" > ``` > > [Potential Regression] > Expect low regression potential. > > Mike Snitzer (1): > dm ioctl: fix nested locking in table_clear() to remove deadlock > concern > > drivers/md/dm-ioctl.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > Rejected for the following reasons: Patch was already applied (could reverse-apply) to Focal as a pending stable commit. I have just adjusted the existing commit message to include the CVE number. -Stefan