[SRU,N/J/F,0/1] CVE-2024-44940

Message ID	20240925171425.96801-1-bethany.jamison@canonical.com
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: Bethany Jamison <bethany.jamison@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [SRU][N/J/F][PATCH 0/1] CVE-2024-44940 Date: Wed, 25 Sep 2024 12:14:23 -0500 Message-Id: <20240925171425.96801-1-bethany.jamison@canonical.com> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>
Series	CVE-2024-44940 \| expand [SRU,N/J/F,0/1] CVE-2024-44940 [SRU,J/F,1/1] fou: remove warn in gue_gro_receive on unsupported protocol

Message ID

20240925171425.96801-1-bethany.jamison@canonical.com

Headers

From: Bethany Jamison <bethany.jamison@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][N/J/F][PATCH 0/1] CVE-2024-44940
Date: Wed, 25 Sep 2024 12:14:23 -0500
Message-Id: <20240925171425.96801-1-bethany.jamison@canonical.com>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Series

CVE-2024-44940 | expand

Message

Bethany Jamison Sept. 25, 2024, 5:14 p.m. UTC

[Impact]

Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is
not known or does not have a GRO handler.

Such a packet is easily constructed. Syzbot generates them and sets
off this warning.

Remove the warning as it is expected and not actionable.

[Fix]

Noble:	Clean cherry-pick from linux-6.10.y
Jammy:	Backport - use 'goto out_unlock' instead of 'goto out' to
	adjust for not including commit fc1ca3348a74a1af (gro: remove 
	rcu_read_lock/rcu_read_unlock from gro_receive handlers)
Focal:	Jammy patch applied cleanly
Bionic:	fix sent to esm ML
Xenial:	fix sent to esm ML
Trusty:	not-affected

[Test Case]

Compile and boot tested.

[Where problems could occur]

This fix affects those who use FOU (Foo-over-UDP), an issue with this
fix would be visible to the user via continued excessive warnings from
'gue_gro_recieve'.

Willem de Bruijn (1):
  fou: remove warn in gue_gro_receive on unsupported protocol

 net/ipv4/fou_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Bethany Jamison Sept. 25, 2024, 7:01 p.m. UTC | #1

I need to change the Jammy patch -- will resubmit once adjusted

On 9/25/24 12:14 PM, Bethany Jamison wrote:
> [Impact]
>
> Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is
> not known or does not have a GRO handler.
>
> Such a packet is easily constructed. Syzbot generates them and sets
> off this warning.
>
> Remove the warning as it is expected and not actionable.
>
> [Fix]
>
> Noble:	Clean cherry-pick from linux-6.10.y
> Jammy:	Backport - use 'goto out_unlock' instead of 'goto out' to
> 	adjust for not including commit fc1ca3348a74a1af (gro: remove
> 	rcu_read_lock/rcu_read_unlock from gro_receive handlers)
> Focal:	Jammy patch applied cleanly
> Bionic:	fix sent to esm ML
> Xenial:	fix sent to esm ML
> Trusty:	not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use FOU (Foo-over-UDP), an issue with this
> fix would be visible to the user via continued excessive warnings from
> 'gue_gro_recieve'.
>
> Willem de Bruijn (1):
>    fou: remove warn in gue_gro_receive on unsupported protocol
>
>   net/ipv4/fou_core.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>