From: Kuniyuki Iwashima <kuniyu@amazon.com>
To: <gregkh@linuxfoundation.org>
Cc: <cve@kernel.org>, <edumazet@google.com>, <ematsumiya@suse.de>,
    <kuniyu@amazon.com>, <linux-fsdevel@vger.kernel.org>,
    <linux-kernel@vger.kernel.org>, <linux-net@vger.kernel.org>,
    <sfrench@samba.org>, <smfrench@gmail.com>,
    <wangzhaolong1@huawei.com>, <zhangchangzhong@huawei.com>
Subject: Re: Fwd: [PATCH][SMB3 client] fix TCP timers deadlock after rmmod
Date: Wed, 2 Apr 2025 14:58:49 -0700
Message-ID: <20250402215855.18968-1-kuniyu@amazon.com>
In-Reply-To: <2025040207-yippee-unlearned-4b1c@gregkh>
From: Greg KH <gregkh@linuxfoundation.org>
Date: Wed, 2 Apr 2025 22:32:58 +0100
> On Wed, Apr 02, 2025 at 01:50:05PM -0700, Kuniyuki Iwashima wrote:
> > From: Greg KH <gregkh@linuxfoundation.org>
> > Date: Wed, 2 Apr 2025 21:28:51 +0100
> > > On Wed, Apr 02, 2025 at 01:22:11PM -0700, Kuniyuki Iwashima wrote:
> > > > From: Greg KH <gregkh@linuxfoundation.org>
> > > > Date: Wed, 2 Apr 2025 21:15:58 +0100
> > > > > On Wed, Apr 02, 2025 at 01:09:19PM -0700, Kuniyuki Iwashima wrote:
> > > > > > From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > > > > Date: Wed, 2 Apr 2025 16:18:37 +0100
> > > > > > > On Wed, Apr 02, 2025 at 05:15:44PM +0800, Wang Zhaolong wrote:
> > > > > > > > > On Wed, Apr 02, 2025 at 12:49:50PM +0800, Wang Zhaolong wrote:
> > > > > > > > > > Yes, it seems the previous description might not have been entirely clear.
> > > > > > > > > > I need to clearly point out that this patch, intended as the fix for CVE-2024-54680,
> > > > > > > > > > does not actually address any real issues. It also fails to resolve the null pointer
> > > > > > > > > > dereference problem within lockdep. On top of that, it has caused a series of
> > > > > > > > > > subsequent leakage issues.
> > > > > > > > >
> > > > > > > > > If this cve does not actually fix anything, then we can easily reject
> > > > > > > > > it, please just let us know if that needs to happen here.
> > > > > > > > >
> > > > > > > > > thanks,
> > > > > > > > >
> > > > > > > > > greg k-h
> > > > > > > > Hi Greg,
> > > > > > > >
> > > > > > > > Yes, I can confirm that the patch for CVE-2024-54680 (commit e9f2517a3e18)
> > > > > > > > should be rejected. Our analysis shows:
> > > > > > > >
> > > > > > > > 1. It fails to address the actual null pointer dereference in lockdep
> > > > > > > >
> > > > > > > > 2. It introduces multiple serious issues:
> > > > > > > > 1. A socket leak vulnerability as documented in bugzilla #219972
> > > > > > > > 2. Network namespace refcount imbalance issues as described in
> > > > > > > > bugzilla #219792 (which required the follow-up mainline fix
> > > > > > > > 4e7f1644f2ac "smb: client: Fix netns refcount imbalance
> > > > > > > > causing leaks and use-after-free")
> > > > > > > >
> > > > > > > > The next thing we should probably do is:
> > > > > > > > - Reverting e9f2517a3e18
> > > > > > > > - Reverting the follow-up fix 4e7f1644f2ac, as it's trying to fix
> > > > > > > > problems introduced by the problematic CVE patch
> > > > > > >
> > > > > > > Great, can you please send patches now for both of these so we can
> > > > > > > backport them to the stable kernels properly?
> > > > > >
> > > > > > Sent to CIFS tree:
> > > > > > https://lore.kernel.org/linux-cifs/20250402200319.2834-1-kuniyu@amazon.com/
> > > > >
> > > > > You forgot to add a Cc: stable@ on the patches to ensure that they get
> > > > > picked up properly for all stable trees :(
> > > >
> > > > Ah sorry, I did the same with netdev. netdev patches usually do
> > > > not have the tag but are backported fine, maybe netdev local rule ?
> > >
> > > Nope, that's the "old" way of dealing with netdev patches, the
> > > documentation was changed years ago, please always put a cc: stable on
> > > it. Otherwise you are just at the whim of our "hey, I'm bored, let's
> > > look for Fixes: only tags!" script to catch them, which will also never
> > > notify you of failures.
> >
> > Good to know that, thanks!
> >
> > My concern was that I could spam the list if I respin the patches,
> > and incomplete patch could be backported.
> >
> > From stable-kernel-rules.rst, such an accident can be prevented if
> > someone points out a problem within 48 hours ?
> >
> > For example, if v1 is posted with Cc:stable, and a week later
> > v2 is posted, then the not-yet-upstreamed v1 could be backported ?
> >
>
> Anything can be asked to be applied to stable once it is in Linus's
> tree, but if you add the cc: stable stuff to the original patch, it will
> be done automatically for you.
Now I understood. The process is triggered only after the patch
is merged to Linus' tree. I assumed the workflow is triggered by
the patch email itself.
Thanks for explaining!