From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 87174D59F53 for ; Wed, 6 Nov 2024 16:21:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EDF246B0092; Wed, 6 Nov 2024 11:21:58 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id E8F0B6B0096; Wed, 6 Nov 2024 11:21:58 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D877E6B0098; Wed, 6 Nov 2024 11:21:58 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id BA2AE6B0092 for ; Wed, 6 Nov 2024 11:21:58 -0500 (EST) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 57741C1C5E for ; Wed, 6 Nov 2024 16:21:58 +0000 (UTC) X-FDA: 82756185414.25.7B7D079 Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [96.44.175.130]) by imf10.hostedemail.com (Postfix) with ESMTP id CBD11C000F for ; Wed, 6 Nov 2024 16:21:38 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=hansenpartnership.com header.s=20151216 header.b=cU5QPBMw; dkim=pass header.d=hansenpartnership.com header.s=20151216 header.b=cU5QPBMw; dmarc=pass (policy=none) header.from=hansenpartnership.com; spf=pass (imf10.hostedemail.com: domain of James.Bottomley@HansenPartnership.com designates 96.44.175.130 as permitted sender) smtp.mailfrom=James.Bottomley@HansenPartnership.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1730909947; a=rsa-sha256; cv=none; b=8KoJKnh/m3ZtI9w/pDvKj8D/DACa/q+paDqkIsy2jJac1QSY4CIUIixsajrbqjeMiAaK9Z 3e46y1ZTgv4LyBxQFb8qkVOsozHAsNW+hCFNst1857es4Sar2UHelUpUDUhsxNVG1uwwMI Pc26PiVtiSpluD2cgePNmVnytoYqeH8= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=hansenpartnership.com header.s=20151216 header.b=cU5QPBMw; dkim=pass header.d=hansenpartnership.com header.s=20151216 header.b=cU5QPBMw; dmarc=pass (policy=none) header.from=hansenpartnership.com; spf=pass (imf10.hostedemail.com: domain of James.Bottomley@HansenPartnership.com designates 96.44.175.130 as permitted sender) smtp.mailfrom=James.Bottomley@HansenPartnership.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1730909947; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=6RVn8aZQyFzek742x/cJB32xQlZWURFED6Eusf5XPRI=; b=Efc6TmZXjy4OE5cOlY2B7XOn3XUr6C1wX1tv+YbhcATbH+73GAsGB1WujKlus/aGuXVpkp ntEm3QkW6Qen0FHMwZlmNFRHWzgxHsFDXrmCgHPPgyAJJIM1A1GLi9UYHZhBi5TJPLk6cM 11tv3GftQYA/aYZdMxTojK8RwAC9TLc= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1730910110; bh=HQshn+aokYOzX2PpyF6fG/q8hoNYMwDs17z7ySDbn+I=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=cU5QPBMw0ZGmjN/yoxh7HPiQzwCj5iIh2GWiCibNLbuDqXnHEbBP++cZJh7NLQfaj 2PUWA5eoBUff5V46dVuBXE95G365AUDvoAZnZVg5H/qcj9KGyuc98nbud5cU/mVIAv MH/4GJURB9MmQTZvIS+yvvfXyqRGdDcyU1T1aLbQ= Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 9A9AF1286919; Wed, 06 Nov 2024 11:21:50 -0500 (EST) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavis, port 10024) with ESMTP id cgtYq2N-FNZZ; Wed, 6 Nov 2024 11:21:50 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1730910110; bh=HQshn+aokYOzX2PpyF6fG/q8hoNYMwDs17z7ySDbn+I=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=cU5QPBMw0ZGmjN/yoxh7HPiQzwCj5iIh2GWiCibNLbuDqXnHEbBP++cZJh7NLQfaj 2PUWA5eoBUff5V46dVuBXE95G365AUDvoAZnZVg5H/qcj9KGyuc98nbud5cU/mVIAv MH/4GJURB9MmQTZvIS+yvvfXyqRGdDcyU1T1aLbQ= Received: from lingrow.int.hansenpartnership.com (unknown [IPv6:2601:5c4:4302:c21::a774]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (Client did not present a certificate) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id EE24A1286912; Wed, 06 Nov 2024 11:21:46 -0500 (EST) Message-ID: <9e9e54cdd4905b58470f674aefcfd4dabca4108d.camel@HansenPartnership.com> Subject: Re: [PATCH 6.6 00/28] fix CVE-2024-46701 From: James Bottomley To: Chuck Lever III , Yu Kuai Cc: Greg KH , linux-stable , "harry.wentland@amd.com" , "sunpeng.li@amd.com" , "Rodrigo.Siqueira@amd.com" , "alexander.deucher@amd.com" , "christian.koenig@amd.com" , "Xinhui.Pan@amd.com" , "airlied@gmail.com" , Daniel Vetter , Al Viro , Christian Brauner , Liam Howlett , Andrew Morton , Hugh Dickins , "Matthew Wilcox (Oracle)" , Sasha Levin , "srinivasan.shanmugam@amd.com" , "chiahsuan.chung@amd.com" , "mingo@kernel.org" , "mgorman@techsingularity.net" , "yukuai3@huawei.com" , "chengming.zhou@linux.dev" , "zhangpeng.00@bytedance.com" , "amd-gfx@lists.freedesktop.org" , "dri-devel@lists.freedesktop.org" , Linux Kernel Mailing List , Linux FS Devel , "maple-tree@lists.infradead.org" , linux-mm , "yi.zhang@huawei.com" , yangerkun Date: Wed, 06 Nov 2024 11:21:45 -0500 In-Reply-To: <7AB98056-93CC-4DE5-AD42-49BA582D3BEF@oracle.com> References: <20241024132009.2267260-1-yukuai1@huaweicloud.com> <2024110625-earwig-deport-d050@gregkh> <7AB98056-93CC-4DE5-AD42-49BA582D3BEF@oracle.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Stat-Signature: bqui198sss1dkxufznp1azy83n3684di X-Rspamd-Queue-Id: CBD11C000F X-Rspamd-Server: rspam08 X-Rspam-User: X-HE-Tag: 1730910098-196181 X-HE-Meta: U2FsdGVkX18NsIIE6MTJT4WofC3hW0u87BdOy+AD4G0HUmYKkh3SeBhwYDhhTP/FcDHcKLWIGgZbhiPfNOsHWC6hnFgH5IdszGuvS9Noa+J1gCP0uuuJpOaZp9k0FGfWDw3Wbs3Fk0+n8LIlj3duS62QSZ0yIl+dAkeO5W5w447y4jDRjjJCx1quI8n91asR5EgCAdh7kHBPlWPePW0Fv70JhHGB8GphDe6v3K9AtOVGj/E1eHrt8MSh4wmSLIS+Pbxb4C5cIlOK3x0rbDE9abJIw1V1n/fVEj6YwOAfVtqImK2+pKTcoe4tJQBtLBewgIPZY/S2Yci9Vt2jQlY25m/AF3NgBkTiMfxiVDtkuSm0/odxP3d5B4A9Tlb2wn/ZfqQFyLqKGubtnM9MhRWQMOTofPd+kqcJowMv/u8Pp7Tvmcq01IshV7XbatUAitNazs3Foj3MEHS4YG8jP2ZCOl/hr3SpLgHXfenYDAK8Qw66YXky0cvXH3eO/4FwSOvEgqPs6IdXM8k56ZdcUAyvgAc/mlyeEv5hv9/H5bnl+p+LBRq0TAXrYJRgSzzUJs57K1ErOWARpsn9pqP9joWde8nvTwegfVqF8vo/FtuYO4xZKy/NgMFSRif34Fh38p6EfKTNtio6FB7GDZIpUA71uEMzyk6TIGoBTwWgimoYhGxV5ZyhA3TDgzyWIS1yHAx8s4CPOglJmoJscMUJZ09xkxGwFeh/60MUvs5q/gFT/jRK96ox9b+4VW8wWs8AAtZ7bsFYik91nH18Ilk1G27oMZlcsTteRIz2nFXm0F7O8APHN1Kg1qD+x02Yg0Ro3MVgSUjpdK0RvjkyTL/kYVoED6OkgHloQlAYGInZNyUOE0YkX2ONtKac5lWSpclZivpBU0i6+2BvDPOqMNvPxvV/qLAIWEPS+LX2ckZ1N4yfZlLw4y2/FOaAOBA/Dojlxh9jNTCij0O+y/xcREL1z1R wW+0iC9G Nada1hj4JIC3ScguJT9VNjDRV049/4akv1wujNsBQKOPyfILgLNv9nDGnJMPvOXmQslxDRW9fIPDWurE+sh0AAVUpV5kUKYFwlGR7O/4U4Eq4Q7XNsL5QQYl/9jox4DAkMrFBhztLBd5hQokAOr57o2i6E1DJl9wgcJmPSnST8dejX7Yy2WEs09OtbtUi9TBRl4c8iGnMf+XD7uUsaaHNsqcVoGJszC5ughIGvAUfLUHQf8BuV/kJJ93pXAIsFYxqJ18T14zu2W4Fbh8EO77dvx/zca3xZl3aIc1xY4Mrr8KjvqiXz0xsW9AOSgCnMsX9+qH9xNEc5APljay7XtSz/mpyEZpU/eDZGPz8OlgaSQBYOKdkIU6ieEpFGoW2VMaadwtLzt+mMEZmBsIqM3cGo5rRV6JwGilbxREb2O1PCN39wK814Vhe17Lo8ZeBO6SJ/yV8mAukbBrHIZ/J1WXLbL3Wcg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, 2024-11-06 at 15:19 +0000, Chuck Lever III wrote: > This is the first I've heard of this CVE. It > would help if the patch authors got some > notification when these are filed. Greg did it; it came from the kernel CNA: https://www.cve.org/CVERecord?id=CVE-2024-46701 The way it seems to work is that this is simply a wrapper for the upstream commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a Which is what appears as the last stable reference. I assume someone investigated and added the vulnerable kernel details. I think the theory is that since you reviewed the original upstream patch, stable just takes care of the backports and CVE management of the existing fix through the normal stable process. James