| Message ID | 20240325103300.494141-1-juerg.haefliger@canonical.com |
|---|---|
| Headers | show |
| Series | Fix for CVE-2024-2658{2,3,4,5} | expand |
On 25.03.24 11:32, Juerg Haefliger wrote: > This patch series fixes the following CVEs: > CVE-2024-26582 > CVE-2024-26583 > CVE-2024-26584 > CVE-2024-26585 > > The patches are all cherry-picks from stable v6.6 so should eventually come in > via an Ubuntu stable update. > > Test case: > 1) Enable async crypto: > $ modprobe tcrypt alg="pcrypt(generic-gcm-aesni)" type=3 > 2) Enable TLS function tracing: > $ echo function_graph > /sys/kernel/tracing/current_tracer > $ echo 'tls_*:mod:tls' > /sys/kernel/tracing/set_ftrace_filter > 3) Run TLS kernel selftests from v6.8: > $ ./linux-6.8/tools/testing/selftests/net/tls > 4) Verify: > - No call traces in the kernel log > - All modified TLS functions were called > - No additional unexpected TLS test failures > > Note that the above test does *not* verify that the CVEs are actually fixed > but merely tries to ensure that the kernel doesn't blow up when exercising > the modified code paths. > > Jakub Kicinski (5): > net: tls: factor out tls_*crypt_async_wait() > tls: fix race between async notify and socket close > tls: fix race between tx work scheduling and socket close > net: tls: handle backlogging of crypto requests > net: tls: fix returned read length with async decrypt > > John Fastabend (1): > net: tls, fix WARNIING in __sk_msg_free > > Sabrina Dubroca (2): > tls: extract context alloc/initialization out of tls_set_sw_offload > net: tls: fix use-after-free with partial reads and async decrypt > > include/net/tls.h | 5 -- > net/tls/tls_sw.c | 223 ++++++++++++++++++++++++---------------------- > 2 files changed, 116 insertions(+), 112 deletions(-) > Cherry picks from linux-6.6.y and regression tested. I guess its due to similar issues and code paths but maybe a short explanation why 4 issues were combined under one submission would be nice. Not really necessary but personally I find it helpful if it is mentioned which kernel versions are affected (in this case I guess the oldest for any of the CVEs) by this. Acked-by: Stefan Bader <stefan.bader@canonical.com>
On Mon, Mar 25, 2024 at 8:34 PM Juerg Haefliger <juerg.haefliger@canonical.com> wrote: > > This patch series fixes the following CVEs: > CVE-2024-26582 > CVE-2024-26583 > CVE-2024-26584 > CVE-2024-26585 > > The patches are all cherry-picks from stable v6.6 so should eventually come in > via an Ubuntu stable update. > > Test case: > 1) Enable async crypto: > $ modprobe tcrypt alg="pcrypt(generic-gcm-aesni)" type=3 > 2) Enable TLS function tracing: > $ echo function_graph > /sys/kernel/tracing/current_tracer > $ echo 'tls_*:mod:tls' > /sys/kernel/tracing/set_ftrace_filter > 3) Run TLS kernel selftests from v6.8: > $ ./linux-6.8/tools/testing/selftests/net/tls > 4) Verify: > - No call traces in the kernel log > - All modified TLS functions were called > - No additional unexpected TLS test failures > > Note that the above test does *not* verify that the CVEs are actually fixed > but merely tries to ensure that the kernel doesn't blow up when exercising > the modified code paths. > > Jakub Kicinski (5): > net: tls: factor out tls_*crypt_async_wait() > tls: fix race between async notify and socket close > tls: fix race between tx work scheduling and socket close > net: tls: handle backlogging of crypto requests > net: tls: fix returned read length with async decrypt > > John Fastabend (1): > net: tls, fix WARNIING in __sk_msg_free > > Sabrina Dubroca (2): > tls: extract context alloc/initialization out of tls_set_sw_offload > net: tls: fix use-after-free with partial reads and async decrypt > > include/net/tls.h | 5 -- > net/tls/tls_sw.c | 223 ++++++++++++++++++++++++---------------------- > 2 files changed, 116 insertions(+), 112 deletions(-) > patch 1 is already in mantic/master-next and the remaining will come in via the 6.6.18 update which we will hopefully get to next week or the week after. Acked-by: Portia Stephens <portia.stephens@canonical.com> > -- > 2.40.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
On 25.03.24 11:32, Juerg Haefliger wrote: > This patch series fixes the following CVEs: > CVE-2024-26582 > CVE-2024-26583 > CVE-2024-26584 > CVE-2024-26585 > > The patches are all cherry-picks from stable v6.6 so should eventually come in > via an Ubuntu stable update. > > Test case: > 1) Enable async crypto: > $ modprobe tcrypt alg="pcrypt(generic-gcm-aesni)" type=3 > 2) Enable TLS function tracing: > $ echo function_graph > /sys/kernel/tracing/current_tracer > $ echo 'tls_*:mod:tls' > /sys/kernel/tracing/set_ftrace_filter > 3) Run TLS kernel selftests from v6.8: > $ ./linux-6.8/tools/testing/selftests/net/tls > 4) Verify: > - No call traces in the kernel log > - All modified TLS functions were called > - No additional unexpected TLS test failures > > Note that the above test does *not* verify that the CVEs are actually fixed > but merely tries to ensure that the kernel doesn't blow up when exercising > the modified code paths. > > Jakub Kicinski (5): > net: tls: factor out tls_*crypt_async_wait() > tls: fix race between async notify and socket close > tls: fix race between tx work scheduling and socket close > net: tls: handle backlogging of crypto requests > net: tls: fix returned read length with async decrypt > > John Fastabend (1): > net: tls, fix WARNIING in __sk_msg_free > > Sabrina Dubroca (2): > tls: extract context alloc/initialization out of tls_set_sw_offload > net: tls: fix use-after-free with partial reads and async decrypt > > include/net/tls.h | 5 -- > net/tls/tls_sw.c | 223 ++++++++++++++++++++++++---------------------- > 2 files changed, 116 insertions(+), 112 deletions(-) > Applied to mantic:linux/master-next (added CVE number to already applied #1). Thanks. -Stefan