CVE-2023-54283

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bpf: Address KCSAN report on bpf_lru_list<br /> <br /> KCSAN reported a data-race when accessing node-&gt;ref.<br /> Although node-&gt;ref does not have to be accurate,<br /> take this chance to use a more common READ_ONCE() and WRITE_ONCE()<br /> pattern instead of data_race().<br /> <br /> There is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref().<br /> This patch also adds bpf_lru_node_clear_ref() to do the<br /> WRITE_ONCE(node-&gt;ref, 0) also.<br /> <br /> ==================================================================<br /> BUG: KCSAN: data-race in __bpf_lru_list_rotate / __htab_lru_percpu_map_update_elem<br /> <br /> write to 0xffff888137038deb of 1 bytes by task 11240 on cpu 1:<br /> __bpf_lru_node_move kernel/bpf/bpf_lru_list.c:113 [inline]<br /> __bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:149 [inline]<br /> __bpf_lru_list_rotate+0x1bf/0x750 kernel/bpf/bpf_lru_list.c:240<br /> bpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:329 [inline]<br /> bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:447 [inline]<br /> bpf_lru_pop_free+0x638/0xe20 kernel/bpf/bpf_lru_list.c:499<br /> prealloc_lru_pop kernel/bpf/hashtab.c:290 [inline]<br /> __htab_lru_percpu_map_update_elem+0xe7/0x820 kernel/bpf/hashtab.c:1316<br /> bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313<br /> bpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200<br /> generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687<br /> bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534<br /> __sys_bpf+0x338/0x810<br /> __do_sys_bpf kernel/bpf/syscall.c:5096 [inline]<br /> __se_sys_bpf kernel/bpf/syscall.c:5094 [inline]<br /> __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094<br /> do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br /> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> read to 0xffff888137038deb of 1 bytes by task 11241 on cpu 0:<br /> bpf_lru_node_set_ref kernel/bpf/bpf_lru_list.h:70 [inline]<br /> __htab_lru_percpu_map_update_elem+0x2f1/0x820 kernel/bpf/hashtab.c:1332<br /> bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313<br /> bpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200<br /> generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687<br /> bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534<br /> __sys_bpf+0x338/0x810<br /> __do_sys_bpf kernel/bpf/syscall.c:5096 [inline]<br /> __se_sys_bpf kernel/bpf/syscall.c:5094 [inline]<br /> __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094<br /> do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br /> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> value changed: 0x01 -&gt; 0x00<br /> <br /> Reported by Kernel Concurrency Sanitizer on:<br /> CPU: 0 PID: 11241 Comm: syz-executor.3 Not tainted 6.3.0-rc7-syzkaller-00136-g6a66fdd29ea1 #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023<br /> ==================================================================