From: Greg KH <gregkh@linuxfoundation.org>
To: Kuniyuki Iwashima <kuniyu@amazon.com>
Cc: cve@kernel.org, edumazet@google.com, ematsumiya@suse.de,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-net@vger.kernel.org, sfrench@samba.org, smfrench@gmail.com,
	wangzhaolong1@huawei.com, zhangchangzhong@huawei.com
Subject: Re: Fwd: [PATCH][SMB3 client] fix TCP timers deadlock after rmmod
Date: Wed, 2 Apr 2025 21:28:51 +0100
Message-ID: <2025040256-spindle-cornea-60ec@gregkh>
In-Reply-To: <20250402202257.5845-1-kuniyu@amazon.com>

On Wed, Apr 02, 2025 at 01:22:11PM -0700, Kuniyuki Iwashima wrote:
> From: Greg KH <gregkh@linuxfoundation.org>
> Date: Wed, 2 Apr 2025 21:15:58 +0100
> > On Wed, Apr 02, 2025 at 01:09:19PM -0700, Kuniyuki Iwashima wrote:
> > > From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > Date: Wed, 2 Apr 2025 16:18:37 +0100
> > > > On Wed, Apr 02, 2025 at 05:15:44PM +0800, Wang Zhaolong wrote:
> > > > > > On Wed, Apr 02, 2025 at 12:49:50PM +0800, Wang Zhaolong wrote:
> > > > > > > Yes, it seems the previous description might not have been entirely clear.
> > > > > > > I need to clearly point out that this patch, intended as the fix for CVE-2024-54680,
> > > > > > > does not actually address any real issues. It also fails to resolve the null pointer
> > > > > > > dereference problem within lockdep. On top of that, it has caused a series of
> > > > > > > subsequent leakage issues.
> > > > > > 
> > > > > > If this cve does not actually fix anything, then we can easily reject
> > > > > > it, please just let us know if that needs to happen here.
> > > > > > 
> > > > > > thanks,
> > > > > > 
> > > > > > greg k-h
> > > > > Hi Greg,
> > > > > 
> > > > > Yes, I can confirm that the patch for CVE-2024-54680 (commit e9f2517a3e18)
> > > > > should be rejected. Our analysis shows:
> > > > > 
> > > > > 1. It fails to address the actual null pointer dereference in lockdep
> > > > > 
> > > > > 2. It introduces multiple serious issues:
> > > > >    1. A socket leak vulnerability as documented in bugzilla #219972
> > > > >    2. Network namespace refcount imbalance issues as described in
> > > > >      bugzilla #219792 (which required the follow-up mainline fix
> > > > >      4e7f1644f2ac "smb: client: Fix netns refcount imbalance
> > > > >      causing leaks and use-after-free")
> > > > > 
> > > > > The next thing we should probably do is:
> > > > >    - Reverting e9f2517a3e18
> > > > >    - Reverting the follow-up fix 4e7f1644f2ac, as it's trying to fix
> > > > >      problems introduced by the problematic CVE patch
> > > > 
> > > > Great, can you please send patches now for both of these so we can
> > > > backport them to the stable kernels properly?
> > > 
> > > Sent to CIFS tree:
> > > https://lore.kernel.org/linux-cifs/20250402200319.2834-1-kuniyu@amazon.com/
> > 
> > You forgot to add a Cc: stable@ on the patches to ensure that they get
> > picked up properly for all stable trees :(
> 
> Ah sorry, I did the same with netdev.  netdev patches usually do
> not have the tag but are backported fine, maybe netdev local rule ?

Nope, that's the "old" way of dealing with netdev patches, the
documentation was changed years ago, please always put a cc: stable on
it.  Otherwise you are just at the whim of our "hey, I'm bored, let's
look for Fixes: only tags!" script to catch them, which will also never
notify you of failures.

thanks,

greg k-h
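
A pre-send check for the situation discussed in this message, as an added example that is not part of the thread or of any kernel tooling: it classifies patch files by whether the commit message carries a stable tag or only a Fixes: tag. The function names, the sample patches (placeholder hash, subjects and addresses) and the choice to accept both stable@vger.kernel.org and stable@kernel.org are assumptions.

```shell
#!/bin/sh
# Added example: flag fixes that would reach stable only via the Fixes:-only scan.

classify_patch() {
    # Keep only the commit message: skip the mail headers (a Cc: header is not
    # recorded in the commit) and stop at "---", after which git am drops text.
    msg=$(awk '/^---$/{exit} body{print} /^$/{body=1}' "$1")
    if printf '%s\n' "$msg" | grep -Eiq '^cc:.*stable@(vger\.)?kernel\.org'; then
        echo stable-tagged
    elif printf '%s\n' "$msg" | grep -Eiq '^fixes:[[:space:]]*[0-9a-f]{8,}'; then
        echo fixes-only
    else
        echo untagged
    fi
}

check_series() {
    # Non-zero when any patch carries Fixes: but no stable tag.
    rc=0
    for p in "$@"; do
        state=$(classify_patch "$p")
        printf '%-14s %s\n' "$state" "$p"
        [ "$state" != fixes-only ] || rc=1
    done
    return "$rc"
}

# Constructed samples: placeholder hash, subjects and addresses.
write_samples() {
    h='Fixes: 0123456789ab ("example: broken fix")'
    s='Signed-off-by: A Developer <dev@example.org>'
    printf 'Subject: [PATCH] a\n\n%s\nCc: stable@vger.kernel.org\n%s\n---\n' "$h" "$s" > "$1/tagged.patch"
    printf 'Subject: [PATCH] b\n\n%s\n%s\n---\n' "$h" "$s" > "$1/fixes-only.patch"
    printf 'Subject: [PATCH] c\n\n%s\n%s\n---\nCc: stable@vger.kernel.org\n' "$h" "$s" > "$1/below-cut.patch"
    printf 'Cc: stable@vger.kernel.org\nSubject: [PATCH] d\n\nNew feature.\n%s\n---\n' "$s" > "$1/feature.patch"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_series "$tmp"/*.patch || echo "at least one fix lacks Cc: stable"
rm -rf "$tmp"
```

The below-cut sample shows the case a plain grep misses: a stable tag placed after the `---` line is mailed out but never lands in the commit.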

Thread overview: 20+ messages
2024-12-18  3:24 [PATCH][SMB3 client] fix TCP timers deadlock after rmmod Steve French
2024-12-19  0:28 ` Fwd: " Steve French
2024-12-19  0:30   ` Steve French
2025-04-01 13:54   ` Wang Zhaolong
2025-04-01 20:26     ` Kuniyuki Iwashima
2025-04-02  0:57       ` Kuniyuki Iwashima
2025-04-02  4:43         ` Wang Zhaolong
2025-04-02  2:01     ` Kuniyuki Iwashima
2025-04-02  4:49       ` Wang Zhaolong
2025-04-02  7:13         ` Greg Kroah-Hartman
2025-04-02  9:15           ` Wang Zhaolong
2025-04-02 15:18             ` Greg Kroah-Hartman
2025-04-02 20:09               ` Kuniyuki Iwashima
2025-04-02 20:15                 ` Greg KH
2025-04-02 20:22                   ` Kuniyuki Iwashima
2025-04-02 20:28                     ` Greg KH [this message]
2025-04-02 20:50                       ` Kuniyuki Iwashima
2025-04-02 21:32                         ` Greg KH
2025-04-02 21:58                           ` Kuniyuki Iwashima
2024-12-19  8:41 ` Kuniyuki Iwashima
