mbox series

[SRU,K,HWE-5.17,J,OEM-5.14,F,B,0/3] CVE-2022-3567 // CVE-2022-3566

Message ID 20221117035621.1091322-1-cascardo@canonical.com
Headers show
Series CVE-2022-3567 // CVE-2022-3566 | expand

Message

Thadeu Lima de Souza Cascardo Nov. 17, 2022, 3:56 a.m. UTC 
[Impact]
Under some race conditions, a different sk_prot (specially when an IPv6
socket is downgraded to IPv4) or a icsk_af_ops may be read.

[Backport]
An extra pre-req also fixing such data races was applied. Some context
has changed, new functions were introduced, other functions have been moved
and some hooks were not called. That lead to this final backport.

[Potential regression]
We may see failures and crashes on TCP and IPv6 workloads.

Eric Dumazet (1):
  ipv6: annotate some data-races around sk->sk_prot

Kuniyuki Iwashima (2):
  ipv6: Fix data races around sk->sk_prot.
  tcp: Fix data races around icsk->icsk_af_ops.

 net/core/sock.c          |  6 ++++--
 net/ipv4/af_inet.c       | 21 +++++++++++++++------
 net/ipv4/tcp.c           | 10 ++++++----
 net/ipv6/af_inet6.c      | 14 ++++++++++----
 net/ipv6/ipv6_sockglue.c | 11 ++++++++---
 net/ipv6/tcp_ipv6.c      |  6 ++++--
 6 files changed, 47 insertions(+), 21 deletions(-)

Comments

Luke Nowakowski-Krijger Nov. 17, 2022, 11:42 p.m. UTC | #1 
Acked-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>

On Wed, Nov 16, 2022 at 7:57 PM Thadeu Lima de Souza Cascardo <
cascardo@canonical.com> wrote:

> [Impact]
> Under some race conditions, a different sk_prot (specially when an IPv6
> socket is downgraded to IPv4) or a icsk_af_ops may be read.
>
> [Backport]
> An extra pre-req also fixing such data races was applied. Some context
> has changed, new functions were introduced, other functions have been moved
> and some hooks were not called. That lead to this final backport.
>
> [Potential regression]
> We may see failures and crashes on TCP and IPv6 workloads.
>
> Eric Dumazet (1):
>   ipv6: annotate some data-races around sk->sk_prot
>
> Kuniyuki Iwashima (2):
>   ipv6: Fix data races around sk->sk_prot.
>   tcp: Fix data races around icsk->icsk_af_ops.
>
>  net/core/sock.c          |  6 ++++--
>  net/ipv4/af_inet.c       | 21 +++++++++++++++------
>  net/ipv4/tcp.c           | 10 ++++++----
>  net/ipv6/af_inet6.c      | 14 ++++++++++----
>  net/ipv6/ipv6_sockglue.c | 11 ++++++++---
>  net/ipv6/tcp_ipv6.c      |  6 ++++--
>  6 files changed, 47 insertions(+), 21 deletions(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
Cengiz Can Nov. 18, 2022, 4:29 a.m. UTC | #2 
On Thu, 2022-11-17 at 00:56 -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> Under some race conditions, a different sk_prot (specially when an IPv6
> socket is downgraded to IPv4) or a icsk_af_ops may be read.
> 
> [Backport]
> An extra pre-req also fixing such data races was applied. Some context
> has changed, new functions were introduced, other functions have been moved
> and some hooks were not called. That lead to this final backport.
> 
> [Potential regression]
> We may see failures and crashes on TCP and IPv6 workloads.
> 
> Eric Dumazet (1):
>   ipv6: annotate some data-races around sk->sk_prot
> 
> Kuniyuki Iwashima (2):
>   ipv6: Fix data races around sk->sk_prot.
>   tcp: Fix data races around icsk->icsk_af_ops.

Acked-by: Cengiz Can <cengiz.can@canonical.com>

> 
>  net/core/sock.c          |  6 ++++--
>  net/ipv4/af_inet.c       | 21 +++++++++++++++------
>  net/ipv4/tcp.c           | 10 ++++++----
>  net/ipv6/af_inet6.c      | 14 ++++++++++----
>  net/ipv6/ipv6_sockglue.c | 11 ++++++++---
>  net/ipv6/tcp_ipv6.c      |  6 ++++--
>  6 files changed, 47 insertions(+), 21 deletions(-)
> 
> -- 
> 2.34.1
> 
>
Stefan Bader Nov. 21, 2022, 1:45 p.m. UTC | #3 
On 17.11.22 04:56, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> Under some race conditions, a different sk_prot (specially when an IPv6
> socket is downgraded to IPv4) or a icsk_af_ops may be read.
> 
> [Backport]
> An extra pre-req also fixing such data races was applied. Some context
> has changed, new functions were introduced, other functions have been moved
> and some hooks were not called. That lead to this final backport.
> 
> [Potential regression]
> We may see failures and crashes on TCP and IPv6 workloads.
> 
> Eric Dumazet (1):
>    ipv6: annotate some data-races around sk->sk_prot
> 
> Kuniyuki Iwashima (2):
>    ipv6: Fix data races around sk->sk_prot.
>    tcp: Fix data races around icsk->icsk_af_ops.
> 
>   net/core/sock.c          |  6 ++++--
>   net/ipv4/af_inet.c       | 21 +++++++++++++++------
>   net/ipv4/tcp.c           | 10 ++++++----
>   net/ipv6/af_inet6.c      | 14 ++++++++++----
>   net/ipv6/ipv6_sockglue.c | 11 ++++++++---
>   net/ipv6/tcp_ipv6.c      |  6 ++++--
>   6 files changed, 47 insertions(+), 21 deletions(-)
> 

Applied to all but OEM-5.14. Thanks.

-Stefan
Timo Aaltonen Nov. 30, 2022, 9:55 a.m. UTC | #4 
Thadeu Lima de Souza Cascardo kirjoitti 17.11.2022 klo 5.56:
> [Impact]
> Under some race conditions, a different sk_prot (specially when an IPv6
> socket is downgraded to IPv4) or a icsk_af_ops may be read.
> 
> [Backport]
> An extra pre-req also fixing such data races was applied. Some context
> has changed, new functions were introduced, other functions have been moved
> and some hooks were not called. That lead to this final backport.
> 
> [Potential regression]
> We may see failures and crashes on TCP and IPv6 workloads.
> 
> Eric Dumazet (1):
>    ipv6: annotate some data-races around sk->sk_prot
> 
> Kuniyuki Iwashima (2):
>    ipv6: Fix data races around sk->sk_prot.
>    tcp: Fix data races around icsk->icsk_af_ops.
> 
>   net/core/sock.c          |  6 ++++--
>   net/ipv4/af_inet.c       | 21 +++++++++++++++------
>   net/ipv4/tcp.c           | 10 ++++++----
>   net/ipv6/af_inet6.c      | 14 ++++++++++----
>   net/ipv6/ipv6_sockglue.c | 11 ++++++++---
>   net/ipv6/tcp_ipv6.c      |  6 ++++--
>   6 files changed, 47 insertions(+), 21 deletions(-)
> 

applied to oem-5.14, thanks