Public bug reported:
SRU Justification
[Impact]
The key which gets cached in task structure from a kernel thread does not
get invalidated even after expiry. Due to which, a new key request from
kernel thread will be served with the cached key if it's present in task
struct irrespective of the key validity.
[Fix]
commit 47f9e4c924025c5be87959d3335e66fcbb7f6b5c ('keys: Do not cache key in
task struct if key is requested from kernel thread')
Fixes: 7743c48e54ee ("keys: Cache result of request_key*() temporarily in
task_struct")
[Regression potential]
DNS keys used by CIFS could get confused.
[Other Info]
Though this commit is part of stable updates v5.4.240, MSFT has
requested that it be applied in advance since Focal is only up to
v5.4.233. Linux-azure 5.4 is the only kernel that does not have this
patch.
SF: #00359129
** Affects: linux-azure (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: linux-azure (Ubuntu Focal)
Importance: Medium
Assignee: Tim Gardner (timg-tpi)
Status: In Progress
** Package changed: linux (Ubuntu) => linux-azure (Ubuntu)
** Also affects: linux-azure (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: linux-azure (Ubuntu)
Status: New => Fix Released
** Changed in: linux-azure (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: linux-azure (Ubuntu Focal)
Status: New => In Progress
** Changed in: linux-azure (Ubuntu Focal)
Assignee: (unassigned) => Tim Gardner (timg-tpi)
** Description changed:
SRU Justification
[Impact]
The key which gets cached in task structure from a kernel thread does not
get invalidated even after expiry. Due to which, a new key request from
kernel thread will be served with the cached key if it's present in task
struct irrespective of the key validity.
[Fix]
commit 47f9e4c924025c5be87959d3335e66fcbb7f6b5c ('keys: Do not cache key in
task struct if key is requested from kernel thread')
Fixes: 7743c48e54ee ("keys: Cache result of request_key*() temporarily in
task_struct")
[Regression potential]
- DNS keys could get confused.
+ DNS keys used by CIFS could get confused.
[Other Info]
Though this commit is part of stable updates v5.4.240, MSFT has
requested that it be applied in advance since Focal is only up to
v5.4.233. Linux-azure 5.4 is the only kernel that does not have this
patch.
SF: #00359129
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2017801
Title:
Azure: keys: Do not cache key in task struct if key is requested from
kernel thread
Status in linux-azure package in Ubuntu:
Fix Released
Status in linux-azure source package in Focal:
In Progress
Bug description:
SRU Justification
[Impact]
The key which gets cached in task structure from a kernel thread does not
get invalidated even after expiry. Due to which, a new key request from
kernel thread will be served with the cached key if it's present in task
struct irrespective of the key validity.
[Fix]
commit 47f9e4c924025c5be87959d3335e66fcbb7f6b5c ('keys: Do not cache key in
task struct if key is requested from kernel thread')
Fixes: 7743c48e54ee ("keys: Cache result of request_key*() temporarily in
task_struct")
[Regression potential]
DNS keys used by CIFS could get confused.
[Other Info]
Though this commit is part of stable updates v5.4.240, MSFT has
requested that it be applied in advance since Focal is only up to
v5.4.233. Linux-azure 5.4 is the only kernel that does not have this
patch.
SF: #00359129
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/2017801/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
