In the Linux kernel, the following vulnerability has been resolved:

sysv: don't call sb_bread() with pointers_lock held

syzbot is reporting sleep in atomic context in the SysV filesystem [1], because sb_bread() is called with the rw_spinlock held.

A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12.

Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving the pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit).

Al Viro suggested doing what get_branch()/get_block()/find_shared() in the Minix filesystem do. Doing so is almost a revert of "[PATCH] err1-40: sysvfs locking fix", except that get_branch() from within find_shared() is called without write_lock(&pointers_lock).
- https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76
No PoCs found on GitHub currently.
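The following is an added user-space model of the two locking shapes the commit message contrasts; it is not the kernel's code and not part of this entry. A held rwlock is modelled by a reader count, and the simulated sb_bread() counts any call made while that count is non-zero, which is the sleep-in-atomic-context condition syzbot reported. The fixed walk follows the get_branch()/verify_chain()/reread shape of the Minix itree code the message points to: pointers are read under the lock, the lock is dropped around block I/O, and the chain is re-verified afterwards, restarting on EAGAIN when a racing writer changed it. The "disk" layout, the racing truncate, and the helper names (read_lock, add_chain, verify_chain, get_branch, get_block_fixed) are simplified stand-ins chosen for the example, not the filesystem's real data structures.

```c
/* Added example: user-space model of "sb_bread() under read_lock" versus the
 * minix-style get_branch()/verify_chain() walk.  Not kernel code. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NBLOCKS  16
#define MAXDEPTH 4
#define EIO      5
#define EAGAIN   11

/* Constructed "disk" (made-up data): block i holds one pointer to the next
 * block of the chain; 0 terminates, like a hole in an indirect block. */
static uint32_t disk[NBLOCKS];
static uint32_t inode_root;            /* stands in for the inode's i_data[] */

static int  readers;                   /* >0 while pointers_lock is read-held */
static long sleeps_in_atomic;          /* sb_bread() calls made with lock held */
static long restarts;                  /* verify_chain() failures -> reread */
static uint32_t racing_on_block;       /* I/O on this block triggers the writer */
static void (*racing_writer)(void);    /* fires once, while the lock is dropped */

struct Indirect { uint32_t *p; uint32_t key; };

static void read_lock(void)   { readers++; }
static void read_unlock(void) { readers--; }

/* Simulated sb_bread(): blocking I/O.  In the kernel it may sleep, so calling
 * it with the rwlock held is the bug; the counter records each such call. */
static uint32_t *sb_bread(uint32_t block)
{
    if (readers) sleeps_in_atomic++;
    if (racing_writer && block == racing_on_block) {
        void (*w)(void) = racing_writer;
        racing_writer = NULL;
        w();                               /* writer runs during our I/O */
    }
    return block < NBLOCKS ? &disk[block] : NULL;
}

static void add_chain(struct Indirect *p, uint32_t *v) { p->p = v; p->key = *v; }

/* Every pointer followed so far must still hold the value we saw. */
static bool verify_chain(struct Indirect *from, struct Indirect *to)
{
    for (; from <= to; from++)
        if (*from->p != from->key) return false;
    return true;
}

/* Buggy shape ("sb_bread() with read_lock(&pointers_lock)"): I/O under lock. */
static int walk_buggy(int depth, uint32_t *last)
{
    struct Indirect chain[MAXDEPTH], *p = chain;
    read_lock();
    add_chain(p, &inode_root);
    while (--depth && p->key) {
        uint32_t *bh = sb_bread(p->key);   /* sleeps with the lock held */
        if (!bh) { read_unlock(); return -EIO; }
        add_chain(++p, bh);
    }
    read_unlock();
    *last = p->key;
    return 0;
}

/* Fixed shape: lock only around pointer reads, re-verify after each I/O. */
static int get_branch(int depth, uint32_t *last)
{
    struct Indirect chain[MAXDEPTH], *p = chain;
    add_chain(p, &inode_root);             /* inode data is pinned: no lock */
    while (--depth && p->key) {
        uint32_t *bh = sb_bread(p->key);   /* lock is NOT held here */
        if (!bh) return -EIO;
        read_lock();
        if (!verify_chain(chain, p)) { read_unlock(); return -EAGAIN; }
        add_chain(++p, bh);
        read_unlock();
    }
    *last = p->key;
    return 0;
}

/* get_block()-style caller: a changed chain is not an error, just a reread. */
static int get_block_fixed(int depth, uint32_t *last)
{
    int err;
    while ((err = get_branch(depth, last)) == -EAGAIN) restarts++;
    return err;
}

/* Constructed scenario: chain 1 -> 2 -> 3 -> 0.  The racing "truncate" cuts
 * the chain after block 1 while the read of block 2 is in flight. */
static void truncate_after_block1(void) { disk[1] = 0; }

static void setup_disk(void)
{
    memset(disk, 0, sizeof disk);
    inode_root = 1; disk[1] = 2; disk[2] = 3; disk[3] = 0;
    readers = 0; sleeps_in_atomic = 0; restarts = 0; racing_writer = NULL;
}

/* Block reached after 'depth' hops (0 = hole).  Buggy walk: no racing writer,
 * since the held lock would exclude it; the observable is sleeps_in_atomic. */
static uint32_t run_buggy(int depth)
{
    uint32_t last = 99; setup_disk(); walk_buggy(depth, &last); return last;
}

static uint32_t run_fixed(int depth, bool race)
{
    uint32_t last = 99; setup_disk();
    if (race) { racing_on_block = 2; racing_writer = truncate_after_block1; }
    get_block_fixed(depth, &last); return last;
}
```

With a three-level chain the buggy walk performs both block reads with the lock held (sleeps_in_atomic ends at 2), while the fixed walk makes none under the lock; when the truncate races the fixed walk, verify_chain() notices the stale pointer, the caller rereads once, and the result is the hole (0) rather than the freed block 3.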