Message ID | 20211013191856.906264-1-cascardo@canonical.com |
---|---|
Headers | show |
Series | CVE-2020-36322 and CVE-2021-28950 | expand |
Acked-by: Kelsey Skunberg <kelsey.skunberg@canonical.com> On 2021-10-13 16:18:54 , Thadeu Lima de Souza Cascardo wrote: > [Impact] > Unprivileged users could mount a fuse filesystem and trigger a BUG_ON or > a soft lockup. > > [Test case] > A test was found for the first issue, but not the second. The fix works for > that first one. > > [Backport] > The backport had a lot of conflicts due to context. As the nature of the fix > was basically replacing is_bad_inode with fuse_is_bad and adding the check > for fuse_is_bad, it is not that hard to review that the end result is as expected. > > [Potential regression] > FUSE filesystems may lock up, trigger BUGs, or fail to respond. It is more > likely to happen due to malicious actions. So, there is a chance that > forcing bad inodes may lead to other potential hiccups. > > Amir Goldstein (1): > fuse: fix live lock in fuse_iget() > > Miklos Szeredi (1): > fuse: fix bad inode > > fs/fuse/acl.c | 6 ++++++ > fs/fuse/dir.c | 41 ++++++++++++++++++++++++++++++++++++----- > fs/fuse/file.c | 21 ++++++++++++--------- > fs/fuse/fuse_i.h | 13 +++++++++++++ > fs/fuse/inode.c | 2 +- > fs/fuse/xattr.c | 9 +++++++++ > 6 files changed, 77 insertions(+), 15 deletions(-) > > -- > 2.30.2 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
On 13.10.21 21:18, Thadeu Lima de Souza Cascardo wrote: > [Impact] > Unprivileged users could mount a fuse filesystem and trigger a BUG_ON or > a soft lockup. > > [Test case] > A test was found for the first issue, but not the second. The fix works for > that first one. > > [Backport] > The backport had a lot of conflicts due to context. As the nature of the fix > was basically replacing is_bad_inode with fuse_is_bad and adding the check > for fuse_is_bad, it is not that hard to review that the end result is as expected. > > [Potential regression] > FUSE filesystems may lock up, trigger BUGs, or fail to respond. It is more > likely to happen due to malicious actions. So, there is a chance that > forcing bad inodes may lead to other potential hiccups. > > Amir Goldstein (1): > fuse: fix live lock in fuse_iget() > > Miklos Szeredi (1): > fuse: fix bad inode > > fs/fuse/acl.c | 6 ++++++ > fs/fuse/dir.c | 41 ++++++++++++++++++++++++++++++++++++----- > fs/fuse/file.c | 21 ++++++++++++--------- > fs/fuse/fuse_i.h | 13 +++++++++++++ > fs/fuse/inode.c | 2 +- > fs/fuse/xattr.c | 9 +++++++++ > 6 files changed, 77 insertions(+), 15 deletions(-) > Acked-by: Stefan Bader <stefan.bader@canonical.com>
On 13.10.21 21:18, Thadeu Lima de Souza Cascardo wrote: > [Impact] > Unprivileged users could mount a fuse filesystem and trigger a BUG_ON or > a soft lockup. > > [Test case] > A test was found for the first issue, but not the second. The fix works for > that first one. > > [Backport] > The backport had a lot of conflicts due to context. As the nature of the fix > was basically replacing is_bad_inode with fuse_is_bad and adding the check > for fuse_is_bad, it is not that hard to review that the end result is as expected. > > [Potential regression] > FUSE filesystems may lock up, trigger BUGs, or fail to respond. It is more > likely to happen due to malicious actions. So, there is a chance that > forcing bad inodes may lead to other potential hiccups. > > Amir Goldstein (1): > fuse: fix live lock in fuse_iget() > > Miklos Szeredi (1): > fuse: fix bad inode > > fs/fuse/acl.c | 6 ++++++ > fs/fuse/dir.c | 41 ++++++++++++++++++++++++++++++++++++----- > fs/fuse/file.c | 21 ++++++++++++--------- > fs/fuse/fuse_i.h | 13 +++++++++++++ > fs/fuse/inode.c | 2 +- > fs/fuse/xattr.c | 9 +++++++++ > 6 files changed, 77 insertions(+), 15 deletions(-) > Applied to bionic:linux. Thanks, Kleber