From: Yu Kuai <yukuai1@huaweicloud.com>
To: Chuck Lever III <chuck.lever@oracle.com>,
Yu Kuai <yukuai1@huaweicloud.com>
Cc: Greg KH <gregkh@linuxfoundation.org>,
linux-stable <stable@vger.kernel.org>,
"harry.wentland@amd.com" <harry.wentland@amd.com>,
"sunpeng.li@amd.com" <sunpeng.li@amd.com>,
"Rodrigo.Siqueira@amd.com" <Rodrigo.Siqueira@amd.com>,
"alexander.deucher@amd.com" <alexander.deucher@amd.com>,
"christian.koenig@amd.com" <christian.koenig@amd.com>,
"Xinhui.Pan@amd.com" <Xinhui.Pan@amd.com>,
"airlied@gmail.com" <airlied@gmail.com>,
Daniel Vetter <daniel@ffwll.ch>,
Al Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>,
Liam Howlett <liam.howlett@oracle.com>,
Andrew Morton <akpm@linux-foundation.org>,
Hugh Dickins <hughd@google.com>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
Sasha Levin <sashal@kernel.org>,
"srinivasan.shanmugam@amd.com" <srinivasan.shanmugam@amd.com>,
"chiahsuan.chung@amd.com" <chiahsuan.chung@amd.com>,
"mingo@kernel.org" <mingo@kernel.org>,
"mgorman@techsingularity.net" <mgorman@techsingularity.net>,
"chengming.zhou@linux.dev" <chengming.zhou@linux.dev>,
"zhangpeng.00@bytedance.com" <zhangpeng.00@bytedance.com>,
"amd-gfx@lists.freedesktop.org" <amd-gfx@lists.freedesktop.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Linux FS Devel <linux-fsdevel@vger.kernel.org>,
"maple-tree@lists.infradead.org" <maple-tree@lists.infradead.org>,
linux-mm <linux-mm@kvack.org>,
"yi.zhang@huawei.com" <yi.zhang@huawei.com>,
yangerkun <yangerkun@huawei.com>,
"yukuai (C)" <yukuai3@huawei.com>
Subject: Re: [PATCH 6.6 00/28] fix CVE-2024-46701
Date: Thu, 7 Nov 2024 08:57:23 +0800 [thread overview]
Message-ID: <8bdd405e-0086-5441-e185-3641446ba49d@huaweicloud.com> (raw)
In-Reply-To: <7AB98056-93CC-4DE5-AD42-49BA582D3BEF@oracle.com>
Hi,
在 2024/11/06 23:19, Chuck Lever III 写道:
>
>
>> On Nov 6, 2024, at 1:16 AM, Greg KH <gregkh@linuxfoundation.org> wrote:
>>
>> On Thu, Oct 24, 2024 at 09:19:41PM +0800, Yu Kuai wrote:
>>> From: Yu Kuai <yukuai3@huawei.com>
>>>
>>> Fix patch is patch 27, relied patches are from:
>
> I assume patch 27 is:
>
> libfs: fix infinite directory reads for offset dir
>
> https://lore.kernel.org/stable/20241024132225.2271667-12-yukuai1@huaweicloud.com/
>
> I don't think the Maple tree patches are a hard
> requirement for this fix. And note that libfs did
> not use Maple tree originally because I was told
> at that time that Maple tree was not yet mature.
>
> So, a better approach might be to fit the fix
> onto linux-6.6.y while sticking with xarray.
The painful part is that using xarray is not acceptable, the offet
is just 32 bit and if it overflows, readdir will read nothing. That's
why maple_tree has to be used.
Thanks,
Kuai
>
> This is the first I've heard of this CVE. It
> would help if the patch authors got some
> notification when these are filed.
>
>
>>> - patches from set [1] to add helpers to maple_tree, the last patch to
>>> improve fork() performance is not backported;
>>
>> So things slowed down?
>>
>>> - patches from set [2] to change maple_tree, and follow up fixes;
>>> - patches from set [3] to convert offset_ctx from xarray to maple_tree;
>>>
>>> Please notice that I'm not an expert in this area, and I'm afraid to
>>> make manual changes. That's why patch 16 revert the commit that is
>>> different from mainline and will cause conflict backporting new patches.
>>> patch 28 pick the original mainline patch again.
>>>
>>> (And this is what we did to fix the CVE in downstream kernels).
>>>
>>> [1] https://lore.kernel.org/all/20231027033845.90608-1-zhangpeng.00@bytedance.com/
>>> [2] https://lore.kernel.org/all/20231101171629.3612299-2-Liam.Howlett@oracle.com/T/
>>> [3] https://lore.kernel.org/all/170820083431.6328.16233178852085891453.stgit@91.116.238.104.host.secureserver.net/
>>
>> This series looks rough. I want to have the maintainers of these
>> files/subsystems to ack this before being able to take them.
>>
>> thanks,
>>
>> greg k-h
>
> --
> Chuck Lever
>
>
next prev parent reply other threads:[~2024-11-07 0:57 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-24 13:19 Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 01/28] maple_tree: add mt_free_one() and mt_attr() helpers Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 02/28] maple_tree: introduce {mtree,mas}_lock_nested() Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 03/28] maple_tree: introduce interfaces __mt_dup() and mtree_dup() Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 04/28] maple_tree: skip other tests when BENCH is enabled Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 05/28] maple_tree: preserve the tree attributes when destroying maple tree Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 06/28] maple_tree: remove unnecessary default labels from switch statements Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 07/28] maple_tree: make mas_erase() more robust Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 08/28] maple_tree: move debug check to __mas_set_range() Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 09/28] maple_tree: add end of node tracking to the maple state Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 10/28] maple_tree: use cached node end in mas_next() Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 11/28] maple_tree: use cached node end in mas_destroy() Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 12/28] maple_tree: clean up inlines for some functions Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 13/28] maple_tree: add test for mtree_dup() Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 14/28] maple_tree: separate ma_state node from status Yu Kuai
2024-10-24 13:19 ` [PATCH 6.6 15/28] maple_tree: remove mas_searchable() Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 16/28] Revert "maple_tree: correct tree corruption on spanning store" Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 17/28] maple_tree: use maple state end for write operations Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 18/28] maple_tree: don't find node end in mtree_lookup_walk() Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 19/28] maple_tree: mtree_range_walk() clean up Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 20/28] lib/maple_tree.c: fix build error due to hotfix alteration Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 21/28] maple_tree: avoid checking other gaps after getting the largest gap Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 22/28] libfs: Re-arrange locking in offset_iterate_dir() Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 23/28] libfs: Define a minimum directory offset Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 24/28] libfs: Add simple_offset_empty() Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 25/28] maple_tree: Add mtree_alloc_cyclic() Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 26/28] libfs: Convert simple directory offsets to use a Maple Tree Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 27/28] libfs: fix infinite directory reads for offset dir Yu Kuai
2024-10-24 13:22 ` [PATCH 6.6 28/28] maple_tree: correct tree corruption on spanning store Yu Kuai
2024-11-06 15:02 ` Lorenzo Stoakes
2024-11-07 1:22 ` Yu Kuai
2024-11-06 6:16 ` [PATCH 6.6 00/28] fix CVE-2024-46701 Greg KH
2024-11-06 14:44 ` Liam R. Howlett
2024-11-06 15:19 ` Chuck Lever III
2024-11-06 16:21 ` James Bottomley
2024-11-07 0:57 ` Yu Kuai [this message]
2024-11-07 14:41 ` Chuck Lever
2024-11-08 1:19 ` Yu Kuai
2024-11-08 13:23 ` Chuck Lever III
2024-11-08 17:03 ` Liam R. Howlett
2024-11-09 1:38 ` Yu Kuai
2024-11-09 1:30 ` Yu Kuai
2024-11-09 16:58 ` Chuck Lever III
2024-11-11 0:56 ` Yu Kuai
2024-11-07 14:44 ` Liam R. Howlett
2024-11-06 14:43 ` Lorenzo Stoakes
2024-11-07 1:43 ` Yu Kuai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8bdd405e-0086-5441-e185-3641446ba49d@huaweicloud.com \
--to=yukuai1@huaweicloud.com \
--cc=Rodrigo.Siqueira@amd.com \
--cc=Xinhui.Pan@amd.com \
--cc=airlied@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=alexander.deucher@amd.com \
--cc=amd-gfx@lists.freedesktop.org \
--cc=brauner@kernel.org \
--cc=chengming.zhou@linux.dev \
--cc=chiahsuan.chung@amd.com \
--cc=christian.koenig@amd.com \
--cc=chuck.lever@oracle.com \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=gregkh@linuxfoundation.org \
--cc=harry.wentland@amd.com \
--cc=hughd@google.com \
--cc=liam.howlett@oracle.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=maple-tree@lists.infradead.org \
--cc=mgorman@techsingularity.net \
--cc=mingo@kernel.org \
--cc=sashal@kernel.org \
--cc=srinivasan.shanmugam@amd.com \
--cc=stable@vger.kernel.org \
--cc=sunpeng.li@amd.com \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
--cc=yangerkun@huawei.com \
--cc=yi.zhang@huawei.com \
--cc=yukuai3@huawei.com \
--cc=zhangpeng.00@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox