* [meta-virtualization][kirkstone][PATCH 1/1] fuse: Fix CVE-2023-26253
@ 2023-04-11 4:07 Soumya
2023-04-12 17:08 ` Bruce Ashfield
0 siblings, 1 reply; 2+ messages in thread
From: Soumya @ 2023-04-11 4:07 UTC (permalink / raw)
To: meta-virtualization; +Cc: Soumya
Resolve asan bug in during receive event notification (#4024)
The fuse xlator notify function tries to assign data object to graph
object without checking an event. In case of upcall event data object
represents upcall object so during access of graph object the process
crashed for asan build.
Solution: Access the graph->id only while an event is associated
specifically to fuse xlator
Signed-off-by: Soumya <soumya.sambu@windriver.com>
---
.../glusterfs/files/CVE-2023-26253.patch | 76 +++++++++++++++++++
recipes-extended/glusterfs/glusterfs.inc | 1 +
2 files changed, 77 insertions(+)
create mode 100644 recipes-extended/glusterfs/files/CVE-2023-26253.patch
diff --git a/recipes-extended/glusterfs/files/CVE-2023-26253.patch b/recipes-extended/glusterfs/files/CVE-2023-26253.patch
new file mode 100644
index 00000000..828c1626
--- /dev/null
+++ b/recipes-extended/glusterfs/files/CVE-2023-26253.patch
@@ -0,0 +1,76 @@
+commit 0cbf51a9827af0e3a35f5cfa823bfa39740bbc58
+Author: mohit84 <moagrawa@redhat.com>
+Date: Thu Mar 30 13:02:19 2023 +0530
+Subject: [PATCH] fuse: Resolve asan bug in during receive event notification
+ (#4024)
+
+ The fuse xlator notify function tries to assign data object to graph
+ object without checking an event. In case of upcall event data object
+ represents upcall object so during access of graph object the process
+ crashed for asan build.
+
+ Solution: Access the graph->id only while an event is associated
+ specifically to fuse xlator
+
+ > Fixes: #3954
+ > Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+ > Signed-off-by: Mohit Agrawal moagrawa@redhat.com
+ > (Reviewed on upstream link #4019)
+
+ Fixes: #3954
+ Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+
+CVE: CVE-2023-26253
+
+Upstream-Status: Backport [https://github.com/gluster/glusterfs/commit/0cbf51a9827af0e3a35f5cfa823bfa39740bbc58]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+ xlators/mount/fuse/src/fuse-bridge.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
+index c3945d7..0c01a43 100644
+--- a/xlators/mount/fuse/src/fuse-bridge.c
++++ b/xlators/mount/fuse/src/fuse-bridge.c
+@@ -6198,6 +6198,7 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+ int32_t ret = 0;
+ fuse_private_t *private = NULL;
+ gf_boolean_t start_thread = _gf_false;
++ gf_boolean_t event_graph = _gf_true;
+ glusterfs_graph_t *graph = NULL;
+
+ private
+@@ -6205,9 +6206,6 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+
+ graph = data;
+
+- gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
+- ((graph) ? graph->id : 0));
+-
+ switch (event) {
+ case GF_EVENT_GRAPH_NEW:
+ break;
+@@ -6271,9 +6269,19 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+ }
+
+ default:
++ /* Set the event_graph to false so that event
++ debug msg would not try to access invalid graph->id
++ while data object is not matched to graph object
++ for ex in case of upcall event data object represents
++ gf_upcall object
++ */
++ event_graph = _gf_false;
+ break;
+ }
+
++ gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
++ ((graph && event_graph) ? graph->id : -1));
++
+ return ret;
+ }
+
+--
+2.35.5
+
diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc
index baa8962b..e5bedca1 100644
--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -20,6 +20,7 @@ SRC_URI += "file://glusterd.init \
file://glusterd-change-port-range.patch \
file://configure.ac-allow-PYTHON-values-to-be-passed-via-en.patch \
file://0001-cli-duplicate-defns-of-cli_default_conn_timeout-and-.patch \
+ file://CVE-2023-26253.patch \
"
LICENSE = "(LGPL-3.0-or-later | GPL-2.0-only) & GPL-3.0-or-later & LGPL-3.0-or-later & GPL-2.0-or-later & LGPL-2.0-or-later & LGPL-2.1-or-later & Apache-2.0"
--
2.35.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [meta-virtualization][kirkstone][PATCH 1/1] fuse: Fix CVE-2023-26253
2023-04-11 4:07 [meta-virtualization][kirkstone][PATCH 1/1] fuse: Fix CVE-2023-26253 Soumya
@ 2023-04-12 17:08 ` Bruce Ashfield
0 siblings, 0 replies; 2+ messages in thread
From: Bruce Ashfield @ 2023-04-12 17:08 UTC (permalink / raw)
To: Soumya; +Cc: meta-virtualization
In message: [meta-virtualization][kirkstone][PATCH 1/1] fuse: Fix CVE-2023-26253
on 11/04/2023 Soumya wrote:
> Resolve asan bug in during receive event notification (#4024)
>
> The fuse xlator notify function tries to assign data object to graph
> object without checking an event. In case of upcall event data object
> represents upcall object so during access of graph object the process
> crashed for asan build.
>
> Solution: Access the graph->id only while an event is associated
> specifically to fuse xlator
merged.
Bruce
>
> Signed-off-by: Soumya <soumya.sambu@windriver.com>
> ---
> .../glusterfs/files/CVE-2023-26253.patch | 76 +++++++++++++++++++
> recipes-extended/glusterfs/glusterfs.inc | 1 +
> 2 files changed, 77 insertions(+)
> create mode 100644 recipes-extended/glusterfs/files/CVE-2023-26253.patch
>
> diff --git a/recipes-extended/glusterfs/files/CVE-2023-26253.patch b/recipes-extended/glusterfs/files/CVE-2023-26253.patch
> new file mode 100644
> index 00000000..828c1626
> --- /dev/null
> +++ b/recipes-extended/glusterfs/files/CVE-2023-26253.patch
> @@ -0,0 +1,76 @@
> +commit 0cbf51a9827af0e3a35f5cfa823bfa39740bbc58
> +Author: mohit84 <moagrawa@redhat.com>
> +Date: Thu Mar 30 13:02:19 2023 +0530
> +Subject: [PATCH] fuse: Resolve asan bug in during receive event notification
> + (#4024)
> +
> + The fuse xlator notify function tries to assign data object to graph
> + object without checking an event. In case of upcall event data object
> + represents upcall object so during access of graph object the process
> + crashed for asan build.
> +
> + Solution: Access the graph->id only while an event is associated
> + specifically to fuse xlator
> +
> + > Fixes: #3954
> + > Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
> + > Signed-off-by: Mohit Agrawal moagrawa@redhat.com
> + > (Reviewed on upstream link #4019)
> +
> + Fixes: #3954
> + Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
> +
> +CVE: CVE-2023-26253
> +
> +Upstream-Status: Backport [https://github.com/gluster/glusterfs/commit/0cbf51a9827af0e3a35f5cfa823bfa39740bbc58]
> +
> +Signed-off-by: Soumya <soumya.sambu@windriver.com>
> +---
> + xlators/mount/fuse/src/fuse-bridge.c | 14 +++++++++++---
> + 1 file changed, 11 insertions(+), 3 deletions(-)
> +
> +diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
> +index c3945d7..0c01a43 100644
> +--- a/xlators/mount/fuse/src/fuse-bridge.c
> ++++ b/xlators/mount/fuse/src/fuse-bridge.c
> +@@ -6198,6 +6198,7 @@ notify(xlator_t *this, int32_t event, void *data, ...)
> + int32_t ret = 0;
> + fuse_private_t *private = NULL;
> + gf_boolean_t start_thread = _gf_false;
> ++ gf_boolean_t event_graph = _gf_true;
> + glusterfs_graph_t *graph = NULL;
> +
> + private
> +@@ -6205,9 +6206,6 @@ notify(xlator_t *this, int32_t event, void *data, ...)
> +
> + graph = data;
> +
> +- gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
> +- ((graph) ? graph->id : 0));
> +-
> + switch (event) {
> + case GF_EVENT_GRAPH_NEW:
> + break;
> +@@ -6271,9 +6269,19 @@ notify(xlator_t *this, int32_t event, void *data, ...)
> + }
> +
> + default:
> ++ /* Set the event_graph to false so that event
> ++ debug msg would not try to access invalid graph->id
> ++ while data object is not matched to graph object
> ++ for ex in case of upcall event data object represents
> ++ gf_upcall object
> ++ */
> ++ event_graph = _gf_false;
> + break;
> + }
> +
> ++ gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
> ++ ((graph && event_graph) ? graph->id : -1));
> ++
> + return ret;
> + }
> +
> +--
> +2.35.5
> +
> diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc
> index baa8962b..e5bedca1 100644
> --- a/recipes-extended/glusterfs/glusterfs.inc
> +++ b/recipes-extended/glusterfs/glusterfs.inc
> @@ -20,6 +20,7 @@ SRC_URI += "file://glusterd.init \
> file://glusterd-change-port-range.patch \
> file://configure.ac-allow-PYTHON-values-to-be-passed-via-en.patch \
> file://0001-cli-duplicate-defns-of-cli_default_conn_timeout-and-.patch \
> + file://CVE-2023-26253.patch \
> "
>
> LICENSE = "(LGPL-3.0-or-later | GPL-2.0-only) & GPL-3.0-or-later & LGPL-3.0-or-later & GPL-2.0-or-later & LGPL-2.0-or-later & LGPL-2.1-or-later & Apache-2.0"
> --
> 2.35.5
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#7982): https://lists.yoctoproject.org/g/meta-virtualization/message/7982
> Mute This Topic: https://lists.yoctoproject.org/mt/98191421/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-04-12 17:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-11 4:07 [meta-virtualization][kirkstone][PATCH 1/1] fuse: Fix CVE-2023-26253 Soumya
2023-04-12 17:08 ` Bruce Ashfield
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.