mbox series

[SRU,Jammy-OEM-5.17/OEM-6.0,0/2] CVE-2022-4269

Message ID 20230804172735.20929-1-yuxuan.luo@canonical.com
Headers show
Series CVE-2022-4269 | expand

Message

Yuxuan Luo Aug. 4, 2023, 5:27 p.m. UTC 
[Impact]
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using
a specific networking configuration (redirecting egress packets to ingress
using TC action "mirred") a local unprivileged user could trigger a CPU
soft lockup (ABBA deadlock) when the transport protocol in use (TCP or
SCTP) does a retransmission, resulting in a denial of service condition.

[Backport]
For Jammy, there is a build error at `mirred_nest_level` not found. In order to
fix this problem, backport 78dcdffe0418 (“net/sched: act_mirred: better
wording on protection against excessive stack growth”), this commit renamed
some variables, which solves the error of the fix commit.

[Test]
Compile and smoke tested via `sudo tc filter add dev dummy0 protocol ip
pref 100 handle 100 flower`.

[Potential Regression]
Expecting really low potential regression as the two commits only
refactor and add some checks.

Davide Caratti (1):
  act_mirred: use the backlog for nested calls to mirred ingress

 net/sched/act_mirred.c                        |  7 +++
 .../selftests/net/forwarding/tc_actions.sh    | 49 ++++++++++++++++++-
 2 files changed, 55 insertions(+), 1 deletion(-)

Comments

Tim Gardner Aug. 7, 2023, 12:21 p.m. UTC | #1 
On 8/4/23 11:27 AM, Yuxuan Luo wrote:
> [Impact]
> A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using
> a specific networking configuration (redirecting egress packets to ingress
> using TC action "mirred") a local unprivileged user could trigger a CPU
> soft lockup (ABBA deadlock) when the transport protocol in use (TCP or
> SCTP) does a retransmission, resulting in a denial of service condition.
> 
> [Backport]
> For Jammy, there is a build error at `mirred_nest_level` not found. In order to
> fix this problem, backport 78dcdffe0418 (“net/sched: act_mirred: better
> wording on protection against excessive stack growth”), this commit renamed
> some variables, which solves the error of the fix commit.
> 
> [Test]
> Compile and smoke tested via `sudo tc filter add dev dummy0 protocol ip
> pref 100 handle 100 flower`.
> 
> [Potential Regression]
> Expecting really low potential regression as the two commits only
> refactor and add some checks.
> 
> Davide Caratti (1):
>    act_mirred: use the backlog for nested calls to mirred ingress
> 
>   net/sched/act_mirred.c                        |  7 +++
>   .../selftests/net/forwarding/tc_actions.sh    | 49 ++++++++++++++++++-
>   2 files changed, 55 insertions(+), 1 deletion(-)
> 
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Timo Aaltonen Aug. 11, 2023, 9:37 a.m. UTC | #2 
Yuxuan Luo kirjoitti 4.8.2023 klo 20.27:
> [Impact]
> A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using
> a specific networking configuration (redirecting egress packets to ingress
> using TC action "mirred") a local unprivileged user could trigger a CPU
> soft lockup (ABBA deadlock) when the transport protocol in use (TCP or
> SCTP) does a retransmission, resulting in a denial of service condition.
> 
> [Backport]
> For Jammy, there is a build error at `mirred_nest_level` not found. In order to
> fix this problem, backport 78dcdffe0418 (“net/sched: act_mirred: better
> wording on protection against excessive stack growth”), this commit renamed
> some variables, which solves the error of the fix commit.
> 
> [Test]
> Compile and smoke tested via `sudo tc filter add dev dummy0 protocol ip
> pref 100 handle 100 flower`.
> 
> [Potential Regression]
> Expecting really low potential regression as the two commits only
> refactor and add some checks.
> 
> Davide Caratti (1):
>    act_mirred: use the backlog for nested calls to mirred ingress
> 
>   net/sched/act_mirred.c                        |  7 +++
>   .../selftests/net/forwarding/tc_actions.sh    | 49 ++++++++++++++++++-
>   2 files changed, 55 insertions(+), 1 deletion(-)
> 

applied to oem kernels, thanks