Hi Tj, hi Alessandro, On Thu, Apr 03, 2025 at 09:35:33PM +0100, Tj wrote: > Package: linux-image-6.13.1+debian+tj > Followup-For: Bug #1086175 > X-Debbugs-Cc: tj.iam...@proton.me > > Thank-you for the link to the mail-list bug report Alessandro. That has > resulted in a very recent mainline patch in the current v6.15 > development cycle that likely fixes the bug: > > commit 8542870237c3a48ff049b6c5df5f50c8728284fa > Author: Yu Kuai <yuku...@huawei.com> > Date: Thu Feb 20 20:43:48 2025 +0800 > > md: fix mddev uaf while iterating all_mddevs list > > While iterating all_mddevs list from md_notify_reboot() and md_exit(), > list_for_each_entry_safe is used, and this can race with deletint the > next mddev, causing UAF: > ... > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/md/md.c?id=8542870237c3a48ff049b6c5df5f50c8728284fa > > Since this is a race condition it makes some sense that it rarely > affects spinning disks but does affect virtual disks on SSDs and SSDs > themselves since flushing buffers to device before closing will take > longer in most cases. > > Are you able to build and test the current mainline kernel master branch > to verify this patch will fix the bug? > > If verified we can: > > 1) check if the patch or a slightly modified version can be applied to > v6.1 > > 2) suggest to upstream the patch should be backported to the LTS/stable > trees. > > If (2) happens Debian will automatically benefit. > > If you're unable to build a kernel there are a couple of alternatives: > > a) I can build it and share it with you, or > > b) Test it using an Ubuntu mainline kernel build [0] of v6.15-rc* release > candidates once they are published. > > [0] https://kernel.ubuntu.com/mainline/?C=N;O=D
Thanks a lot both for your contributions. I have cherry-picked ahead the commit for our experimental and unstable upload (pending). For 6.1.y the commit won't apply cleanly but given it has Fixes tags accordingly I hope we can see a fix to land in 6.1.y soonish and include it one of our next uploads. Possible we won't be in time for the next point release, but that remains to be seen (e.g. prodding upstream). Regards, Salvatore
