Patch "udf: fix uninit-value use in udf_get_fileshortad" missing from stable kernel v5.10
Hi Greg/Sasha/All,
Patch "udf: fix uninit-value use in udf_get_fileshortad" which is commit 264db9d666ad in the mainline kernel, fixes CVE-2024-50143. The patch from mainline was first backported to stable versions 5.15.170, 6.1.115, 6.6.59, 6.11.6. Ref: https://lore.kernel.org/all/2024110743-CVE-2024-50143-4678@gregkh/
But later on, this patch was backported into v5.4 with https://github.com/gregkh/linux/commit/417bd613bdbe & into v4.19 with https://github.com/gregkh/linux/commit/5eb76fb98b33. But in v5.10, it was missed. When I looked at LKML to find if there were any reported issues which led to dropping this patch in v5.10, I couldn't find any. I guess this might have been missed accidentally.
Assuming the backport process would be the same as in other cases, I tried to get the backported patch locally from v5.15. The patch gets applied cleanly, but unfortunately, it generates build warnings.
" fs/udf/inode.c: In function ���udf_current_aext���:
./include/linux/overflow.h:70:15: warning: comparison of distinct pointer types lacks a cast 70 | (void) (&__a == &__b); \ | ^~ fs/udf/inode.c:2199:7: note: in expansion of macro ���check_add_overflow��� 2199 | if (check_add_overflow(sizeof(struct allocExtDesc), | ^~~~~~~~~~~~~~~~~~ ./include/linux/overflow.h:71:15: warning: comparison of distinct pointer types lacks a cast 71 | (void) (&__a == __d); \ | ^~ fs/udf/inode.c:2199:7: note: in expansion of macro ���check_add_overflow��� 2199 | if (check_add_overflow(sizeof(struct allocExtDesc), "
I had a look at the nearest stable versions v5.4 & v5.15 to check for any dependent patches, but I couldn't find a cleanly applicable dependent patch. I will give it a try to backport this missed patch to v5.10 in the background.
I am still new to kernel development & mailing lists, but what I know from Greg's other conversations is that missing a patch in between stable trees can generate regressions. Thus, I thought of reporting this issue first to the mailing list, as I am not sure how big of an impact this would have.
Thanks, Shubham
On Mon 15-09-25 20:04:59, skulkarni@mvista.com wrote:
Hi Greg/Sasha/All,
Patch "udf: fix uninit-value use in udf_get_fileshortad" which is commit 264db9d666ad in the mainline kernel, fixes CVE-2024-50143. The patch from mainline was first backported to stable versions 5.15.170, 6.1.115, 6.6.59, 6.11.6. Ref: https://lore.kernel.org/all/2024110743-CVE-2024-50143-4678@gregkh/
But later on, this patch was backported into v5.4 with https://github.com/gregkh/linux/commit/417bd613bdbe & into v4.19 with https://github.com/gregkh/linux/commit/5eb76fb98b33. But in v5.10, it was missed. When I looked at LKML to find if there were any reported issues which led to dropping this patch in v5.10, I couldn't find any. I guess this might have been missed accidentally.
Assuming the backport process would be the same as in other cases, I tried to get the backported patch locally from v5.15. The patch gets applied cleanly, but unfortunately, it generates build warnings.
" fs/udf/inode.c: In function ‘udf_current_aext’:
./include/linux/overflow.h:70:15: warning: comparison of distinct pointer types lacks a cast 70 | (void) (&__a == &__b); \ | ^~ fs/udf/inode.c:2199:7: note: in expansion of macro ‘check_add_overflow’ 2199 | if (check_add_overflow(sizeof(struct allocExtDesc), | ^~~~~~~~~~~~~~~~~~ ./include/linux/overflow.h:71:15: warning: comparison of distinct pointer types lacks a cast 71 | (void) (&__a == __d); \ | ^~ fs/udf/inode.c:2199:7: note: in expansion of macro ‘check_add_overflow’ 2199 | if (check_add_overflow(sizeof(struct allocExtDesc), "
I had a look at the nearest stable versions v5.4 & v5.15 to check for any dependent patches, but I couldn't find a cleanly applicable dependent patch. I will give it a try to backport this missed patch to v5.10 in the background.
I think it was d219d2a9a92e ("overflow: Allow mixed type arguments") that fixed this. So you either need push that to 5.10 as well or you need to manually typecast arguments of check_add_overflow() in the backport of the udf fix...
Honza
linux-stable-mirror@lists.linaro.org
-
Jan Kara -
skulkarni@mvista.com