Commit 6d006b2f authored by Namjae Jeon, committed by ZhaoLong Wang

ksmbd: call rcu_barrier() in ksmbd_server_exit()

mainline inclusion
from mainline-v6.4-rc1
commit eb307d09
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I74FIB
CVE: CVE-2023-32246

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb307d09fe15844fdaebeb8cc8c9b9e925430aa5



--------------------------------

The bug is triggered by a race between closing a connection
and rmmod. In ksmbd, rcu_barrier() is not called at module unload time,
so nothing prevents ksmbd from getting unloaded while it still has RCU
callbacks pending. It leads to unintended execution of kernel
code locally and can be used to defeat protections such as Kernel Lockdown.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20477
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com>
parent 87465346
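
The ordering problem the commit message describes, as an added user-space model that is not part of the commit or of ksmbd. `model_call_rcu`, `model_rcu_barrier` and `simulate_unload` are hypothetical stand-ins for call_rcu(), rcu_barrier() and module exit; a callback that would run after unload is only counted, never executed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_CBS 8
struct module_model { bool text_mapped; };   /* stands in for the module's code pages */
struct deferred_cb { struct module_model *owner; int *freed; };

static struct deferred_cb queue[MAX_CBS];    /* pending deferred callbacks */
static size_t queued;

/* Models call_rcu(): the callback is queued, not run, until a grace period ends. */
static bool model_call_rcu(struct module_model *m, int *freed) {
    if (queued == MAX_CBS) return false;
    queue[queued++] = (struct deferred_cb){ m, freed };
    return true;
}

/* Models the end of a grace period. Returns how many callbacks pointed into
 * module code that was already unmapped (in the kernel: a jump into freed text). */
static int model_run_callbacks(void) {
    int stale = 0;
    for (size_t i = 0; i < queued; i++) {
        if (!queue[i].owner->text_mapped) stale++;
        else (*queue[i].freed)++;
    }
    queued = 0;
    return stale;
}

/* Models rcu_barrier(): returns only after every queued callback has run. */
static int model_rcu_barrier(void) { return model_run_callbacks(); }

/* Closes `connections` connections, then unloads. Returns the stale-callback count. */
static int simulate_unload(bool with_barrier, int connections) {
    struct module_model mod = { .text_mapped = true };
    int freed = 0, stale = 0;
    queued = 0;
    for (int i = 0; i < connections; i++)
        model_call_rcu(&mod, &freed);               /* connection close defers a free */
    if (with_barrier) stale += model_rcu_barrier(); /* drain while code is still mapped */
    mod.text_mapped = false;                        /* rmmod completes */
    stale += model_run_callbacks();                 /* grace period ends afterwards */
    return stale;
}

int main(void) {
    printf("no barrier: %d stale, barrier: %d stale\n",
           simulate_unload(false, 3), simulate_unload(true, 3));
    return 0;
}
```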