* Re: CVE-2022-48921: sched/fair: Fix fault in reweight_entity
From: Xia Fukun @ 2024-08-24 9:52 UTC
To: cve, linux-kernel, linux-cve-announce, Greg Kroah-Hartman
Cc: Zhangqiao (2012 lab), Chenhui (Judy)

On 2024/8/22 11:31, Greg Kroah-Hartman wrote:
> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> sched/fair: Fix fault in reweight_entity
>
> Syzbot found a GPF in reweight_entity. This has been bisected to
> commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid
> sched_task_group")
>
> There is a race between sched_post_fork() and setpriority(PRIO_PGRP)
> within a thread group that causes a null-ptr-deref in
> reweight_entity() in CFS. The scenario is that the main process spawns
> number of new threads, which then call setpriority(PRIO_PGRP, 0, -20),
> wait, and exit. For each of the new threads the copy_process() gets
> invoked, which adds the new task_struct and calls sched_post_fork()
> for it.
>
>
> The Linux kernel CVE team has assigned CVE-2022-48921 to this issue.
>

Commit 13765de8148f ("sched/fair: Fix fault in reweight_entity")
is reverted by commit b1e8206582f9 ("sched: Fix yet more sched_fork()
races"). Since commit 13765de8148f only fixes a single instance
of this problem, not the whole class.

I think the CVE-2022-48921 needs to adjust the corresponding commit
to commit b1e8206582f9 ("sched: Fix yet more sched_fork() races").

* Re: CVE-2022-48921: sched/fair: Fix fault in reweight_entity
From: Greg Kroah-Hartman @ 2024-08-25 5:54 UTC
To: Xia Fukun
Cc: cve, linux-kernel, linux-cve-announce, Zhangqiao (2012 lab), Chenhui (Judy)

On Sat, Aug 24, 2024 at 05:52:05PM +0800, Xia Fukun wrote:
>
> On 2024/8/22 11:31, Greg Kroah-Hartman wrote:
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > sched/fair: Fix fault in reweight_entity
> >
> > Syzbot found a GPF in reweight_entity. This has been bisected to
> > commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid
> > sched_task_group")
> >
> > There is a race between sched_post_fork() and setpriority(PRIO_PGRP)
> > within a thread group that causes a null-ptr-deref in
> > reweight_entity() in CFS. The scenario is that the main process spawns
> > number of new threads, which then call setpriority(PRIO_PGRP, 0, -20),
> > wait, and exit. For each of the new threads the copy_process() gets
> > invoked, which adds the new task_struct and calls sched_post_fork()
> > for it.
> >
> >
> > The Linux kernel CVE team has assigned CVE-2022-48921 to this issue.
> >
>
> Commit 13765de8148f ("sched/fair: Fix fault in reweight_entity")
> is reverted by commit b1e8206582f9 ("sched: Fix yet more sched_fork()
> races"). Since commit 13765de8148f only fixes a single instance
> of this problem, not the whole class.
>
> I think the CVE-2022-48921 needs to adjust the corresponding commit
> to commit b1e8206582f9 ("sched: Fix yet more sched_fork() races").

I think we just need to assign a new CVE to b1e8206582f9, as that was
not backported to everywhere that 13765de8148f was applied, right?
Wouldn't that be the correct thing to do as it did fix things in a
different way.

thanks,

greg k-h

* Re: CVE-2022-48921: sched/fair: Fix fault in reweight_entity
From: Greg Kroah-Hartman @ 2024-08-30 10:45 UTC
To: Xia Fukun
Cc: cve, linux-kernel, linux-cve-announce, Zhangqiao (2012 lab), Chenhui (Judy)

On Sun, Aug 25, 2024 at 07:54:40AM +0200, Greg Kroah-Hartman wrote:
> On Sat, Aug 24, 2024 at 05:52:05PM +0800, Xia Fukun wrote:
> >
> > On 2024/8/22 11:31, Greg Kroah-Hartman wrote:
> > > Description
> > > ===========
> > >
> > > In the Linux kernel, the following vulnerability has been resolved:
> > >
> > > sched/fair: Fix fault in reweight_entity
> > >
> > > Syzbot found a GPF in reweight_entity. This has been bisected to
> > > commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid
> > > sched_task_group")
> > >
> > > There is a race between sched_post_fork() and setpriority(PRIO_PGRP)
> > > within a thread group that causes a null-ptr-deref in
> > > reweight_entity() in CFS. The scenario is that the main process spawns
> > > number of new threads, which then call setpriority(PRIO_PGRP, 0, -20),
> > > wait, and exit. For each of the new threads the copy_process() gets
> > > invoked, which adds the new task_struct and calls sched_post_fork()
> > > for it.
> > >
> > >
> > > The Linux kernel CVE team has assigned CVE-2022-48921 to this issue.
> > >
> >
> > Commit 13765de8148f ("sched/fair: Fix fault in reweight_entity")
> > is reverted by commit b1e8206582f9 ("sched: Fix yet more sched_fork()
> > races"). Since commit 13765de8148f only fixes a single instance
> > of this problem, not the whole class.
> >
> > I think the CVE-2022-48921 needs to adjust the corresponding commit
> > to commit b1e8206582f9 ("sched: Fix yet more sched_fork() races").
>
> I think we just need to assign a new CVE to b1e8206582f9, as that was
> not backported to everywhere that 13765de8148f was applied, right?
> Wouldn't that be the correct thing to do as it did fix things in a
> different way.

CVE-2022-48944 is now assigned for this, thanks.

greg k-h