[LTS 8.8 RT] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm #84
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pvts-mat
force-pushed
the
ciqlts8_8-rt-CVE-2022-42896
branch
from
f782661 to
7fdf696
Compare
jira VULN-207 cve CVE-2022-42896 commit-author Luiz Augusto von Dentz <[email protected]> commit f937b75 l2cap_global_chan_by_psm shall not return fixed channels as they are not meant to be connected by (S)PSM. Signed-off-by: Luiz Augusto von Dentz <[email protected]> Reviewed-by: Tedd Ho-Jeong An <[email protected]> (cherry picked from commit f937b75) Signed-off-by: Marcin Wcisło <[email protected]>
pvts-mat
force-pushed
the
ciqlts8_8-rt-CVE-2022-42896
branch
from
7fdf696 to
0a9abf0
Compare
bmastbergen
approved these changes
Jan 27, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
CVE-2022-42896
VULN-207
Solution
The bug fix in the mainline is provided1 in two commits:
f937b758a188d6fd328a81367087eddbb2fce50f711f8c3fb3db61897080468586b970c87c61d9e4Of these the
711f8c3is already applied onciqlts8_8-rt(commit698b38781fe5e12c9a62104a6e4d2d09d1b49b68).(Same situation as in #41)
Build
Kernel built on virtual machine instantiated on physical Rocky 9 machine with
from the https://gitlab.conclusive.pl/devices/rocky-patching project. Installed on a testing machine created with
kABI check: omitted
Boot test: passed
boot-test.log
Kselftests: passed relative
Kselftests were split into two parts:
kernel-rt-selftests-internalpackage (for ease of use and stability of the tests) andPackaged tests
Tests set covered
bpflivepatchnetnet/forwardingnet/mptcpnetfiltertc-testingvmTests stability analysis on a reference kernel
A series of 7 test runs were conducted on the reference LTS 8.8 RT kernel
ciqlts8_8-rt(eca3abc5e9ff4cae5b5d2a54869f2196d281aefe) of which 3 finished without issues.kselftests–rpm–ciqlts8_8-rt–run-1.log
kselftests–rpm–ciqlts8_8-rt–run-2.log
kselftests–rpm–ciqlts8_8-rt–run-3.log
It was found that
bpf:test_progs-no_alu32,bpf:test_progs: Sometimes cause the machine to spontaneously reboot, interrupting the tests run.bpf:test_xsk.sh: Sometimes hangs the machine indefinitely.net/mptcp:simult_flows.sh,net:gro.sh,net:udpgro_fwd.shFor the full picture of unit tests stability state refer to the column https://docs.google.com/spreadsheets/d/1tUwJ2rV57cYZXh7momPtraSjZcHDjMYHLeHA3DYWrUU/edit?pli=1&gid=0#gid=0&range=F:F
Patched kernel
A series of 2 test runs were conducted on the patched kernel, with the machine-hanging
bpf:test_xsk.shtest omitted.kselftests–rpm–ciqlts8_8-rt-CVE-2022-42896–run-1.log
kselftests–rpm–ciqlts8_8-rt-CVE-2022-42896–run-2.log
Comparison
With the unstable tests
bpf:test_progs-no_alu32,bpf:test_progs,bpf:test_xsk.sh,net/mptcp:simult_flows.sh,net:gro.sh,net:udpgro_fwd.shomitted all test results are the same in the patched and referential kernels.Source-compiled tests
Tests set covered
breakpointscapabilitiescgroupcorecpu-hotplugcpufreqdrivers/net/bondingdrivers/net/teamefivarfsexecfilesystemsfirmwarefpuftracefutexintel_pstateipckcmpkvmliblivepatchmembarriermemory-hotplugmountmqueuenetnet/forwardingnet/mptcpnetfilternsfsprocpstoreptracertcsgxsigaltstacksizesplicestatic_keyssyncsysctltc-testingtdxtimenstimerstpm2uservmx86zramTests stability analysis on a reference kernel
A series of 2 test runs were conducted on the reference LTS 8.8 RT kernel
ciqlts8_8-rt(eca3abc5e9ff4cae5b5d2a54869f2196d281aefe)kselftests–source–ciqlts8_8-rt–run-1.log
kselftests–source–ciqlts8_8-rt–run-2.log
It was found that three tests are "flappy", their results differing depending on the run:
ipc:msgquekvm:hardware_disable_testnet:devlink_port_split.pyFor the full picture of unit tests stability state refer to the column https://docs.google.com/spreadsheets/d/1tUwJ2rV57cYZXh7momPtraSjZcHDjMYHLeHA3DYWrUU/edit?pli=1&gid=0#gid=0&range=G:G
Patched kernel
A series of 2 test runs were conducted on the patched kernel
kselftests–source–ciqlts8_8-rt-CVE-2022-42896–run-1.log
kselftests–source–ciqlts8_8-rt-CVE-2022-42896–run-2.log
Comparison
With the tests found to be indeterministic in the stability analysis omitted the test results for the patched kernel were the same as for the reference kernel, except for the
kvm:vmx_preemption_timer_testtest.Additional
kvmtest runs on the patched kernel resulted inkvm:vmx_preemption_timer_testagain passing, indicating that this test is also unstablekselftests–source–ciqlts8_8-rt-CVE-2022-42896–run-kvm.log
Additional tests: none
Following the guidelines from the precedent #41.
Footnotes
1 GHSA-pf87-6c9q-jvm4