From patchwork Wed May 26 15:11:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thadeu Lima de Souza Cascardo X-Patchwork-Id: 1484085 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FqvYh3sVBz9sVt; Thu, 27 May 2021 01:11:51 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1llvCD-0003PA-6N; Wed, 26 May 2021 15:11:45 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1llvCA-0003Ox-T3 for kernel-team@lists.ubuntu.com; Wed, 26 May 2021 15:11:42 +0000 Received: from [177.198.111.192] (helo=mussarela..) by youngberry.canonical.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1llvCA-00036l-83 for kernel-team@lists.ubuntu.com; Wed, 26 May 2021 15:11:42 +0000 From: Thadeu Lima de Souza Cascardo To: kernel-team@lists.ubuntu.com Subject: [SRU Bionic, Groovy, Focal/linux-oem-5.6, Focal/linux-oem-5.10 0/2] CVE-2021-23133 Date: Wed, 26 May 2021 12:11:26 -0300 Message-Id: <20210526151129.16141-1-cascardo@canonical.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" [Impact] When a SCTP socket fails to be created because of an attached BPF program, a race might cause a list to be corrupt. [Fix] A first fix was submitted and accepted but found to cause potential lockups. In kernels where this fix has been applied, it was reverted and the second fix was applied. In other kernels, only the second fix was applied. [Test] A reproducer for the list corruption was tested with slub_debug=FZP,SCTP, because that was the only condition where the corruption could be noticed. Also, the syzbot reproducer for the lockup was run, though there was no indication of a lockup on an unpatched kernel. [Potential regressions] SCTP asconf might fail to work properly, or lockups might happen when creating or destroying SCTP sockets. Xin Long (1): Revert "net/sctp: fix race condition in sctp_destroy_sock" sctp: delay auto_asconf init until binding the first addr net/sctp/socket.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) Acked-by: Guilherme G. Piccoli Acked-by: Tim Gardner Acked-By: AceLan Kao