From: Jacob Martin
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH 0/1] CVE-2023-52497
Date: Thu, 10 Oct 2024 14:52:07 -0500
Message-ID: <20241010195208.1956936-1-jacob.martin@canonical.com>
X-Patchwork-Submitter: Jacob Martin
X-Patchwork-Id: 1995755

[Impact]
The kernel's LZ4 decompression algorithm expects that data being in-place decompressed
is located at the end of the output buffer. The EROFS implementation will map in and out buffers without a guarantee on their ordering. While this is incorrect behavior on all CPUs, x86 CPUs declaring the FSRM capability have a memmove implementation that is particularly affected by this misordering, resulting in frequent data corruption. Resolve the issue by always using the output buffer for in-place decompression, with the compressed data placed at the end of it.

[Fix]
Noble: Fix released
Jammy: Fix released
Focal: Clean cherry-pick from linux-5.10.y stable branch
Bionic: Not affected
Xenial: Not affected
Trusty: Not affected

[Test Case]
Compile tested. Verified that an EROFS filesystem could be created, mounted, and read from with its data intact while this patch was applied.

    # mkdir erofs_test_data erofs_test_mnt
    # for i in {0..9}; do dd if=/dev/urandom of="erofs_test_data/test$i" bs=1M count=1; done
    # mkfs.erofs -z lz4 erofs_test.img erofs_test_data
    # modprobe erofs
    # mount -o loop erofs_test.img erofs_test_mnt
    # diff -qr erofs_test_data erofs_test_mnt

[Where problems could occur]
This fix modifies the LZO decompression behavior of the EROFS filesystem specifically. Issues with this fix are likely to only affect use of the EROFS filesystem.

Gao Xiang (1):
  erofs: fix lz4 inplace decompression

 fs/erofs/decompressor.c | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

Acked-by: Guoqing Jiang
Acked-by: Ivan Hu
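
The buffer layout expectation described under [Impact], shown as an added example that is not code from this patch or from the kernel: a minimal LZ4 block decoder run in place over a constructed 13-byte stream, once with the compressed input at the tail of the output buffer and once at its head. The names `lz4_decode`, `inplace_ok` and `MARGIN`, and the sample bytes, are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal LZ4 block decoder (demo only); memmove() lets src and dst overlap. */
static size_t lz4_decode(const uint8_t *src, size_t slen, uint8_t *dst, size_t cap)
{
    const uint8_t *ip = src, *iend = src + slen;
    uint8_t *op = dst, *oend = dst + cap, b;
    while (ip < iend) {
        unsigned tok = *ip++;
        size_t n = tok >> 4, off;
        if (n == 15)                        /* extended literal length */
            do { if (ip == iend) return 0; b = *ip++; n += b; } while (b == 255);
        if (n > (size_t)(iend - ip) || n > (size_t)(oend - op)) return 0;
        memmove(op, ip, n);                 /* copy literals */
        op += n; ip += n;
        if (ip == iend) break;              /* final sequence: literals only */
        if (iend - ip < 2) return 0;
        off = ip[0] | (size_t)ip[1] << 8; ip += 2;
        n = tok & 15;
        if (n == 15)                        /* extended match length */
            do { if (ip == iend) return 0; b = *ip++; n += b; } while (b == 255);
        n += 4;                             /* minimum match length */
        if (!off || off > (size_t)(op - dst) || n > (size_t)(oend - op)) return 0;
        while (n--) { *op = *(op - off); op++; }  /* match may overlap itself */
    }
    return (size_t)(op - dst);
}

/* Constructed sample: 13 compressed bytes that expand to 21. */
static const uint8_t comp[] = { 0x48,'A','B','C','D', 0x04,0x00, 0x50,'W','X','Y','Z','!' };
static const char plain[] = "ABCDABCDABCDABCDWXYZ!";
enum { OUT_LEN = 21, MARGIN = 32 };         /* MARGIN: demo slack, an assumption */

/* Decompress in place; at_tail selects where the input sits in the buffer. */
int inplace_ok(int at_tail)
{
    uint8_t buf[OUT_LEN + MARGIN] = {0};
    uint8_t *in = at_tail ? buf + sizeof(buf) - sizeof(comp) : buf;
    memcpy(in, comp, sizeof(comp));
    return lz4_decode(in, sizeof(comp), buf, sizeof(buf)) == OUT_LEN &&
           memcmp(buf, plain, OUT_LEN) == 0;
}

int main(void)
{
    printf("tail: %d, head: %d (1 = intact)\n", inplace_ok(1), inplace_ok(0));
    return 0;
}
```

With the input at the head, the first match copy overwrites compressed bytes that have not been read yet, so the decoder goes on to parse its own output.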