Vulnerability details: CVE-2023-52699

Vulnerability title
sysv: don't call sb_bread() with pointers_lock held
Source: NVD
Linux kernel security vulnerability
Source: CNNVD
sysv: do not call sb_bread() while pointers_lock is held
Source: 神龙机器人 (Shenlong bot)
Vulnerability description
In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock).
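Source: NVD
Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel has a security vulnerability that stems from a deadlock error.
Source: CNNVD
In the Linux kernel, the following vulnerability has been fixed: sysv: do not call sb_bread() while pointers_lock is held. syzbot reported a sleep in atomic context in the SysV filesystem, because sb_bread() is called while rw_spinlock is held. In Linux 2.5.12, "Replace BKL for chain locking with sysvfs-private rwlock" introduced two bugs: a "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" and "sb_bread() called under write_lock(&pointers_lock)". Then, in Linux 2.6.8, "[PATCH] err1-40: sysvfs locking fix" fixed the former bug by moving the pointers_lock lock into the callers, but introduced a "sb_bread() called under read_lock(&pointers_lock)" bug (which made this problem easier to trigger). Al Viro suggested: why not do it the way get_branch() / get_block() / find_shared() in the Minix filesystem do? Doing so almost reverts the changes of "[PATCH] err1-40: sysvfs locking fix", unless write_lock(&pointers_lock) is no longer needed when get_branch() is called in find_shared().
Source: 神龙机器人 (Shenlong bot)
Vulnerability score (CVSS)
NVD has not yet provided a score
Source: NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: 神龙机器人 (Shenlong bot), accuracy: N/A
Vulnerability category
NVD has no vulnerability category information yet
Source: NVD
Other
Source: CNNVD
Related links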