From: Sasha Levin
To: gregkh@linuxfoundation.org, stable@vger.kernel.org
Cc: Sasha Levin, linux-kernel@vger.kernel.org, linkinjeon@kernel.org, stfrench@microsoft.com, d.ornaghi97@gmail.com, knavaneeth786@gmail.com, Alva Lan
Subject: Re: [PATCH 6.6.y v2 0/3] ksmbd: validate owner of durable handle on reconnect
Date: Mon, 25 May 2026 11:33:09 -0400
Message-ID: <20260525152512.agent5-0006@kernel.org>

On Mon, May 25, 2026 at 06:38:58PM +0800, Alva Lan wrote:
> This series backports three upstream commits to the 6.6.y stable branch
> to address CVE-2026-31717.
>
> Upstream commits:
> - 098c0ac3808c ("ksmbd: avoid reclaiming expired durable opens by the client")
> - 894947e0736d ("ksmbd: add durable scavenger timer")
> - 49110a8ce654 ("ksmbd: validate owner of durable handle on reconnect")

Two notes before this can be queued:

1. The short SHAs in the cover letter for patches 1 and 2 do not resolve
   in mainline. The correct upstream SHAs are 520da3c488c5 ("ksmbd: avoid
   reclaiming expired durable opens by the client") and d484d621d40f
   ("ksmbd: add durable scavenger timer"). Please fix the cover letter on
   the next spin.

2. More importantly, this series adds the durable scavenger (d484d621d40f)
   without its critical follow-up bf736184d063d ("ksmbd: close durable
   scavenger races against m_fp_list lookups", Fixes: d484d621d40f). That
   follow-up closes two KASAN-validated bugs in the scavenger code: an
   fp->node list-head reuse that corrupts f_ci->m_fp_list via
   list_add(&fp->node, &scavenger_list), and a refcount race between
   scavenger qualification under global_ft.lock and m_fp_list walkers that
   races to a UAF. Please include bf736184d063d in the next revision so we
   are not knowingly queuing the scavenger with these races still open.

Also, given the patches are authored by Namjae, an Acked-by from him on
the 6.6.y adaptation would be helpful before I pick this up.

--
Thanks,
Sasha
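
Added illustration, not part of the message above and not ksmbd code: a userspace model of the first bug class named in note 2, where a `list_head` still linked into one list is passed to `list_add()` for a second list. The names `fake_fp`, `scav`, `list_consistent` and `collect` are hypothetical, and the separate-link variant is an assumption used for contrast, not a description of what bf736184d063d changes.

```c
#include <stdio.h>
/* Userspace copy of the kernel's circular doubly linked list primitives. */
struct list_head { struct list_head *next, *prev; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }

/* Same pointer updates as the kernel's list_add(): insert n right after h. */
static void list_add(struct list_head *n, struct list_head *h)
{
    n->next = h->next;
    n->prev = h;
    h->next->prev = n;
    h->next = n;
}

/* Hypothetical stand-in for an open file object (not ksmbd's struct). */
struct fake_fp {
    struct list_head node;  /* link in the per-inode list (m_fp_list) */
    struct list_head scav;  /* assumed extra link used only by the scavenger */
};

/* 1 if every link satisfies p->next->prev == p and the walk returns to head. */
static int list_consistent(const struct list_head *head)
{
    const struct list_head *p = head;
    int steps = 0;
    do {
        if (p->next->prev != p)
            return 0;
        p = p->next;
    } while (p != head && ++steps < 64);
    return p == head;
}

/* Returns bit 0 = m_fp_list intact, bit 1 = scavenger_list intact. */
static int collect(int reuse_node)
{
    struct list_head m_fp_list, scavenger_list;
    struct fake_fp a, b;
    list_init(&m_fp_list);
    list_init(&scavenger_list);
    list_add(&a.node, &m_fp_list);
    list_add(&b.node, &m_fp_list);
    /* reuse_node: a.node is still linked into m_fp_list when it is re-added. */
    list_add(reuse_node ? &a.node : &a.scav, &scavenger_list);
    return list_consistent(&m_fp_list) | (list_consistent(&scavenger_list) << 1);
}
int main(void)
{
    printf("reused node: %d, separate link: %d\n", collect(1), collect(0));
    return 0;
}
```

With the reused node, the scavenger list looks healthy while a walker of `m_fp_list` follows `a.node.next` into the other list and never returns to its own head, which is why the corruption surfaces in the lookup path rather than in the scavenger.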