CVE-2022-48674

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> erofs: fix pcluster use-after-free on UP platforms<br /> <br /> During stress testing with CONFIG_SMP disabled, KASAN reports as below:<br /> <br /> ==================================================================<br /> BUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30<br /> Read of size 8 at addr ffff8881094223f8 by task stress/7789<br /> <br /> CPU: 0 PID: 7789 Comm: stress Not tainted 6.0.0-rc1-00002-g0d53d2e882f9 #3<br /> Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011<br /> Call Trace:<br /> <br /> ..<br /> __mutex_lock+0xe5/0xc30<br /> ..<br /> z_erofs_do_read_page+0x8ce/0x1560<br /> ..<br /> z_erofs_readahead+0x31c/0x580<br /> ..<br /> Freed by task 7787<br /> kasan_save_stack+0x1e/0x40<br /> kasan_set_track+0x20/0x30<br /> kasan_set_free_info+0x20/0x40<br /> __kasan_slab_free+0x10c/0x190<br /> kmem_cache_free+0xed/0x380<br /> rcu_core+0x3d5/0xc90<br /> __do_softirq+0x12d/0x389<br /> <br /> Last potentially related work creation:<br /> kasan_save_stack+0x1e/0x40<br /> __kasan_record_aux_stack+0x97/0xb0<br /> call_rcu+0x3d/0x3f0<br /> erofs_shrink_workstation+0x11f/0x210<br /> erofs_shrink_scan+0xdc/0x170<br /> shrink_slab.constprop.0+0x296/0x530<br /> drop_slab+0x1c/0x70<br /> drop_caches_sysctl_handler+0x70/0x80<br /> proc_sys_call_handler+0x20a/0x2f0<br /> vfs_write+0x555/0x6c0<br /> ksys_write+0xbe/0x160<br /> do_syscall_64+0x3b/0x90<br /> <br /> The root cause is that erofs_workgroup_unfreeze() doesn&amp;#39;t reset to<br /> orig_val thus it causes a race that the pcluster reuses unexpectedly<br /> before freeing.<br /> <br /> Since UP platforms are quite rare now, such path becomes unnecessary.<br /> Let&amp;#39;s drop such specific-designed path directly instead.