Resolve asan bug in during receive event notification (#4024)

    The fuse xlator notify function assigns the data object to the graph
    object without checking the event type. For an upcall event the data
    object is an upcall object, so reading it as a graph object crashed
    the process in an ASan build.

    Solution: Access graph->id only when the event is one that is
    associated specifically with the fuse xlator.

Signed-off-by: Soumya <[email protected]>
---
 .../glusterfs/files/CVE-2023-26253.patch      | 76 +++++++++++++++++++
 recipes-extended/glusterfs/glusterfs.inc      |  1 +
 2 files changed, 77 insertions(+)
 create mode 100644 recipes-extended/glusterfs/files/CVE-2023-26253.patch

diff --git a/recipes-extended/glusterfs/files/CVE-2023-26253.patch 
b/recipes-extended/glusterfs/files/CVE-2023-26253.patch
new file mode 100644
index 00000000..828c1626
--- /dev/null
+++ b/recipes-extended/glusterfs/files/CVE-2023-26253.patch
@@ -0,0 +1,76 @@
+commit 0cbf51a9827af0e3a35f5cfa823bfa39740bbc58
+Author: mohit84 <[email protected]>
+Date:   Thu Mar 30 13:02:19 2023 +0530
+Subject: [PATCH] fuse: Resolve asan bug in during receive event notification
+ (#4024)
+
+    The fuse xlator notify function tries to assign data object to graph
+    object without checking an event. In case of upcall event data object
+    represents upcall object so during access of graph object the process
+    crashed for asan build.
+
+    Solution: Access the graph->id only while an event is associated
+    specifically to fuse xlator
+
+    > Fixes: #3954
+    > Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+    > Signed-off-by: Mohit Agrawal [email protected]
+    > (Reviewed on upstream link #4019)
+
+    Fixes: #3954
+    Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+
+CVE: CVE-2023-26253
+
+Upstream-Status: Backport 
[https://github.com/gluster/glusterfs/commit/0cbf51a9827af0e3a35f5cfa823bfa39740bbc58]
+
+Signed-off-by: Soumya <[email protected]>
+---
+ xlators/mount/fuse/src/fuse-bridge.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/xlators/mount/fuse/src/fuse-bridge.c 
b/xlators/mount/fuse/src/fuse-bridge.c
+index c3945d7..0c01a43 100644
+--- a/xlators/mount/fuse/src/fuse-bridge.c
++++ b/xlators/mount/fuse/src/fuse-bridge.c
+@@ -6198,6 +6198,7 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+     int32_t ret = 0;
+     fuse_private_t *private = NULL;
+     gf_boolean_t start_thread = _gf_false;
++    gf_boolean_t event_graph = _gf_true;
+     glusterfs_graph_t *graph = NULL;
+ 
+    private
+@@ -6205,9 +6206,6 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+ 
+     graph = data;
+ 
+-    gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
+-           ((graph) ? graph->id : 0));
+-
+     switch (event) {
+         case GF_EVENT_GRAPH_NEW:
+             break;
+@@ -6271,9 +6269,19 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+         }
+ 
+         default:
++            /* Set the event_graph to false so that event
++               debug msg would not try to access invalid graph->id
++               while data object is not matched to graph object
++               for ex in case of upcall event data object represents
++               gf_upcall object
++            */
++            event_graph = _gf_false;
+             break;
+     }
+ 
++    gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
++           ((graph && event_graph) ? graph->id : -1));
++
+     return ret;
+ }
+ 
+-- 
+2.35.5
+
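Review bot: The guard added to notify() in fuse-bridge.c is opt-out rather than opt-in: `event_graph` starts as `_gf_true` and is cleared only in the `default:` arm, while `graph = data;` is still assigned unconditionally. Every event that has its own `case` is therefore trusted to carry a `glusterfs_graph_t`; the arms between the visible hunks are not shown here, so whether all of them do cannot be confirmed from this patch. A `case` added later for an event with a different payload, as upcall was, would bring back the invalid read of `graph->id` in the debug log. Inverting the default is safer: declare `gf_boolean_t event_graph = _gf_false;` and set `event_graph = _gf_true;` only in the arms whose data is known to be a graph. notify() begins before the first inner hunk and its switch body continues outside the hunks.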
diff --git a/recipes-extended/glusterfs/glusterfs.inc 
b/recipes-extended/glusterfs/glusterfs.inc
index baa8962b..e5bedca1 100644
--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -20,6 +20,7 @@ SRC_URI += "file://glusterd.init \
             file://glusterd-change-port-range.patch \
             file://configure.ac-allow-PYTHON-values-to-be-passed-via-en.patch \
             
file://0001-cli-duplicate-defns-of-cli_default_conn_timeout-and-.patch \
+            file://CVE-2023-26253.patch \
            "
 
 LICENSE = "(LGPL-3.0-or-later | GPL-2.0-only) & GPL-3.0-or-later & 
LGPL-3.0-or-later & GPL-2.0-or-later & LGPL-2.0-or-later & LGPL-2.1-or-later & 
Apache-2.0"
-- 
2.35.5
