Google Git
Sign in
cos / third_party / kernel / acc8a4a96d4e8b33bf29ce61c12513b705ed310b
commitacc8a4a96d4e8b33bf29ce61c12513b705ed310b[log] [tgz]
authorHerbert Xu <[email protected]>Thu Aug 04 18:03:46 2022 +0800
committerAnil Altinay <[email protected]>Wed Sep 14 22:10:42 2022 +0000
treeec8c0a4ea137ab2a5dc316d63044a4c2aa520675
parentef0d3334ca2448558cea31de5a86eecf33b8e175 [diff]
af_key: Do not call xfrm_probe_algs in parallel

[ Upstream commit ba953a9d89a00c078b85f4b190bc1dde66fe16b5 ]

When namespace support was added to xfrm/afkey, it caused the
previously single-threaded call to xfrm_probe_algs to become
multi-threaded.  This is buggy and needs to be fixed with a mutex.

BUG=b/245720223
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2022-3028 in the Linux kernel.

cos-patch: security-high
Reported-by: Abhishek Shah <[email protected]>
Fixes: 283bc9f35bbb ("xfrm: Namespacify xfrm state/policy locks")
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Steffen Klassert <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Change-Id: Id852aece0b73fb8cee79d0e910c6fdd90cba5f31
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/36939
Tested-by: Cusky Presubmit Bot <[email protected]>
Reviewed-by: Robert Kolchmeyer <[email protected]>
1 file changed
tree: ec8c0a4ea137ab2a5dc316d63044a4c2aa520675
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. google/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. PRESUBMIT.cfg
  37. README