
[LTS 8.6] net: tls, update curr on splice as well #318


Merged (1 commit, Jun 9, 2025)

Conversation

pvts-mat
Contributor

@pvts-mat pvts-mat commented Jun 5, 2025

[LTS 8.6]
CVE-2024-0646
VULN-4133

Problem

https://access.redhat.com/security/cve/CVE-2024-0646

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Applicability analysis

The affected file net/tls/tls_sw.c in ciqlts8_6 has the exact same history as in ciqlts8_8, so the analysis provided in #317 can be transferred to this version unchanged - the vulnerability applies to ciqlts8_6.

(Actually the ciqlts8_8 version has one additional commit which is missing from ciqlts8_6 - a924d04. Coincidentally, it's a CVE patch backport for CVE-2022-49094, which may need to be applied to ciqlts8_6 as well.)

Solution

Same as for ciqlts8_8. See #317.

kABI check: passed

DEBUG=1 CVE=CVE-2024-0646 ./ninja.sh _kabi_checked__x86_64--test--ciqlts8_6-CVE-2024-0646

[0/1] Check ABI of kernel [ciqlts8_6-CVE-2024-0646]
++ uname -m
+ python3 /data/src/ctrliq-github/kernel-dist-git-el-8.6/SOURCES/check-kabi -k /data/src/ctrliq-github/kernel-dist-git-el-8.6/SOURCES/Module.kabi_x86_64 -s vms/x86_64--build--ciqlts8_6/build_files/kernel-src-tree-ciqlts8_6-CVE-2024-0646/Module.symvers
kABI check passed
+ touch state/kernels/ciqlts8_6-CVE-2024-0646/x86_64/kabi_checked

Boot test: passed

boot-test.log

Kselftests

General tests: passed relative

Reference

kselftests–ciqlts8_6–run1.log
kselftests–ciqlts8_6–run2.log

Patch

kselftests–ciqlts8_6-CVE-2024-0646–run1.log
kselftests–ciqlts8_6-CVE-2024-0646–run2.log

Comparison

The test results for the reference and patched kernels are the same.

$ ktests.xsh diff -d kselftests--ciqlts8_6*.log

Column    File
--------  ---------------------------------------------
Status0   kselftests--ciqlts8_6--run1.log
Status1   kselftests--ciqlts8_6--run2.log
Status2   kselftests--ciqlts8_6-CVE-2024-0646--run1.log
Status3   kselftests--ciqlts8_6-CVE-2024-0646--run2.log

net:tls tests: passed

The general selftests were run for branch ciqlts8_6 on commit 8e48e58, the one before fc9306d, which fixed the net:tls results. As this patch applies directly to tls and the net:tls results are therefore important, the tests were re-launched on the reference kernel at fc9306d and on the patch rebased onto it.

Reference

kselftests–tls–ciqlts8_6–run1.log
kselftests–tls–ciqlts8_6–run2.log
kselftests–tls–ciqlts8_6–run3.log
kselftests–tls–ciqlts8_6–run4.log

Patch

kselftests–tls–ciqlts8_6-CVE-2024-0646–run1.log
kselftests–tls–ciqlts8_6-CVE-2024-0646–run2.log
kselftests–tls–ciqlts8_6-CVE-2024-0646–run3.log
kselftests–tls–ciqlts8_6-CVE-2024-0646–run4.log

Comparison

All tests are passing, before and after.

$ ktests.xsh diff  kselftests--tls*.log

Column    File
--------  --------------------------------------------------
Status0   kselftests--tls--ciqlts8_6--run1.log
Status1   kselftests--tls--ciqlts8_6--run2.log
Status2   kselftests--tls--ciqlts8_6--run3.log
Status3   kselftests--tls--ciqlts8_6--run4.log
Status4   kselftests--tls--ciqlts8_6-CVE-2024-0646--run1.log
Status5   kselftests--tls--ciqlts8_6-CVE-2024-0646--run2.log
Status6   kselftests--tls--ciqlts8_6-CVE-2024-0646--run3.log
Status7   kselftests--tls--ciqlts8_6-CVE-2024-0646--run4.log

TestCase  Status0  Status1  Status2  Status3  Status4  Status5  Status6  Status7  Summary
net:tls   pass     pass     pass     pass     pass     pass     pass     pass     same

Specific tests: skipped

jira VULN-4133
cve CVE-2024-0646
commit-author John Fastabend <john.fastabend@gmail.com>
commit c5a5950
upstream-diff used linux-stable LT-5.15 sha ba5efd8

commit c5a5950 upstream.

The curr pointer must also be updated on the splice similar to how
we do this for other copy types.

Fixes: d829e9c ("tls: convert to generic sk_msg interface")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Reported-by: Jann Horn <jannh@google.com>
Link: https://lore.kernel.org/r/20231206232706.374377-2-john.fastabend@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit ba5efd8)
Signed-off-by: Marcin Wcisło <marcin.wcislo@conclusive.pl>
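To make the defect in the commit message concrete, here is an added userspace model (my code, not the kernel's and not part of this PR) of the sk_msg cursor handling: the splice/sendpage path appends a caller-owned page at `end`, while the sendmsg copy path writes at `curr`, so if `curr` is not advanced the next copy lands inside the spliced page instead of a fresh socket-owned fragment. The struct, field names and sizes are simplifications; the `fix` branch models the upstream change of resetting `copybreak` and setting `curr = end` after the spliced page is added.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Simplified model of the sk_msg fragment ring used by ktls (assumption:
 * not the kernel's struct sk_msg; only the write cursor curr, the fill
 * mark end and copybreak are kept, since those are what the bug turns on). */
#define NFRAGS  4
#define FRAG_SZ 8

struct frag { char buf[FRAG_SZ]; size_t len; bool spliced; };

struct msg_sg {
    struct frag data[NFRAGS];
    unsigned curr, end;   /* curr: slot the copy path fills next; end: first free slot */
    size_t copybreak;     /* bytes already placed in data[curr] */
};

/* sendmsg path: reserve a fresh socket-owned fragment at end, then copy the
 * user bytes into the fragment at curr (mirrors alloc + memcopy_from_iter). */
static struct frag *sendmsg_copy(struct msg_sg *m, const char *src, size_t n)
{
    m->data[m->end].spliced = false;
    m->data[m->end].len = 0;
    m->end++;
    struct frag *f = &m->data[m->curr];       /* where the bytes actually land */
    memcpy(f->buf + m->copybreak, src, n);
    m->copybreak += n;
    f->len = m->copybreak;
    return f;
}

/* splice/sendpage path: attach a caller-owned page as a new fragment.
 * With fix == false, curr is left behind (the CVE-2024-0646 defect). */
static void splice_page(struct msg_sg *m, const char *page, size_t n, bool fix)
{
    struct frag *f = &m->data[m->end];
    memcpy(f->buf, page, n);
    f->len = n;
    f->spliced = true;
    m->end++;
    if (fix) {              /* upstream fix: copybreak = 0; curr = end */
        m->copybreak = 0;
        m->curr = m->end;
    }
}

/* Splice one page, then send two more bytes; returns true when the sendmsg
 * bytes were written into the spliced (not socket-owned) fragment. */
bool sendmsg_after_splice_corrupts(bool fix)
{
    struct msg_sg m = {0};
    splice_page(&m, "FILE", 4, fix);          /* constructed sample page */
    struct frag *f = sendmsg_copy(&m, "xy", 2);
    return f->spliced;
}
```

Without the fix the two bytes overwrite the start of the spliced page; with it they go to the fragment reserved by the sendmsg path.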
@pvts-mat pvts-mat changed the title net: tls, update curr on splice as well [LTS 8.6] net: tls, update curr on splice as well Jun 5, 2025
Collaborator

@PlaidCat PlaidCat left a comment


:shipit:

Same context as here: #317 (comment)

The fixes: <sha> target is VERY early in the CentOS/Rocky 8 development history

Collaborator

@bmastbergen bmastbergen left a comment


🥌

@PlaidCat PlaidCat merged commit d953370 into ctrliq:ciqlts8_6 Jun 9, 2025
2 checks passed