From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Sasha Levin <sashal@kernel.org>,
linux-kernel@vger.kernel.org, stable@vger.kernel.org,
syzbot+01985d7909f9468f013c@syzkaller.appspotmail.com,
Alexey Gladkov <legion@kernel.org>
Subject: Re: [PATCH 5.10 036/103] ucounts: Increase ucounts reference counter before the security hook
Date: Fri, 3 Sep 2021 07:00:09 +0200 [thread overview]
Message-ID: <YTGr2ZkgfTCIGVpr@kroah.com> (raw)
In-Reply-To: <YTGrQ2D1/tQR1pCh@kroah.com>
On Fri, Sep 03, 2021 at 06:57:39AM +0200, Greg Kroah-Hartman wrote:
> On Thu, Sep 02, 2021 at 01:06:34PM -0500, Eric W. Biederman wrote:
> > Sasha Levin <sashal@kernel.org> writes:
> >
> > > On Wed, Sep 01, 2021 at 12:26:10PM -0500, Eric W. Biederman wrote:
> > >>Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> > >>
> > >>> On Wed, Sep 01, 2021 at 09:25:25AM -0500, Eric W. Biederman wrote:
> > >>>> Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
> > >>>>
> > >>>> > From: Alexey Gladkov <legion@kernel.org>
> > >>>> >
> > >>>> > [ Upstream commit bbb6d0f3e1feb43d663af089c7dedb23be6a04fb ]
> > >>>> >
> > >>>> > We need to increment the ucounts reference counter befor security_prepare_creds()
> > >>>> > because this function may fail and abort_creds() will try to decrement
> > >>>> > this reference.
> > >>>>
> > >>>> Has the conversion of the rlimits to ucounts been backported?
> > >>>>
> > >>>> Semantically the code is an improvement but I don't know of any cases
> > >>>> where it makes enough of a real-world difference to make it worth
> > >>>> backporting the code.
> > >>>>
> > >>>> Certainly the ucount/rlimit conversions do not meet the historical
> > >>>> criteria for backports. AKA simple obviously correct patches.
> > >>>>
> > >>>> The fact we have been applying fixes for the entire v5.14 stabilization
> > >>>> period is a testament to the code not quite being obviously correct.
> > >>>>
> > >>>> Without backports the code only affects v5.14 so I have not been
> > >>>> including a Cc stable on any of the commits.
> > >>>>
> > >>>> So color me very puzzled about what is going on here.
> > >>>
> > >>> Sasha picked this for some reason, but if you think it should be
> > >>> dropped, we can easily do so.
> > >>
> > >>My question is what is the reason Sasha picked this up?
> > >>
> > >>If this patch even applies to v5.10 the earlier patches have been
> > >>backported. So we can't just drop this patch. Either the earlier
> > >>backports need to be reverted, or we need to make certain all of the
> > >>patches are backported.
> > >>
> > >>I really am trying to understand what is going on and why.
> > >
> > > I'll happily explain. The commit message is telling us that:
> > >
> > > 1. There is an issue uncovered by syzbot which this patch fixes:
> > >
> > > "Reported-by: syzbot"
> > >
> > > 2. The issue was introduced in 905ae01c4ae2 ("Add a reference to ucounts
> > > for each cred"):
> > >
> > > "Fixes: 905ae01c4ae2"
> > >
> > > Since 905ae01c4ae2 exist in 5.10, and this patch seemed to fix an issue,
> > > I've queued it up.
> >
> > Which begs the question as Alex mentioned how did 905ae01c4ae2 get into
> > 5.10, as it was merged to Linus's tree in the merge window for 5.14.
> >
> > > In general, if we're missing backports, backported something only
> > > partially and should revert it, or anything else that might cause an
> > > issue, we'd be more than happy to work with you to fix it up.
> > >
> > > All the patches we queue up get multiple rounds of emails and reviews,
> > > if there is a better way to solicit reviews so that we won't up in a
> > > place where you haven't noticed something going in earlier we'd be more
> > > than happy to improve that process too.
> >
> > I have the bad feeling that 905ae01c4ae2 was backported because it was a
> > prerequisite to something with a Fixes tag.
> >
> > Fixes tags especially in this instance don't mean code needs to go to
> > stable Fixes tags mean that a bug was fixed. Since I thought the code
> > only existed in Linus's tree, I haven't been adding Cc stable or even
> > thinking about earlier kernels with respect to this code.
> >
> > I honestly can't keep up with the level of review needed for patches
> > targeting Linus's tree. So I occasionally glance at patches destined
> > for the stable tree.
> >
> > Most of the time it is something being backported without a stable tag,
> > but with a fixes tag, that is unnecessary but generally harmless so I
> > ignore it.
> >
> > In this instance it looks like a whole new feature that has had a rocky
> > history and a lot of time to stablize is somehow backported to 5.10 and
> > 5.13. I think all of the known issues are addressed but I won't know
> > if all of the issues syzkaller can find are found for another couple of
> > weeks.
> >
> > Because this code was not obviously correct, because this code did not
> > have a stable tag, because I am not even certain it is stable yet,
> > I am asking do you know how this code that feels to me like feature work
> > wound up being backported? AKA why is 905ae01c4ae2 in 5.10 and 5.13.
>
> Looks like Sasha added it to the tree last week and it went out in the
> last set of releases. Sasha, why was this added? Let me see if it was
> a requirement of some other patch...
Sorry, no, that was this patch, let me get my coffee before I dig into
this...
next prev parent reply other threads:[~2021-09-03 5:00 UTC|newest]
Thread overview: 129+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-01 12:27 [PATCH 5.10 000/103] 5.10.62-rc1 review Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 001/103] net: qrtr: fix another OOB Read in qrtr_endpoint_post Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 002/103] bpf: Fix ringbuf helper function compatibility Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 003/103] bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 004/103] ASoC: rt5682: Adjust headset volume button threshold Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 005/103] ASoC: component: Remove misplaced prefix handling in pin control functions Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 006/103] ARC: Fix CONFIG_STACKDEPOT Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 007/103] netfilter: conntrack: collect all entries in one cycle Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 008/103] once: Fix panic when module unload Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 009/103] blk-iocost: fix lockdep warning on blkcg->lock Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 010/103] ovl: fix uninitialized pointer read in ovl_lookup_real_one() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 011/103] net: mscc: Fix non-GPL export of regmap APIs Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 012/103] can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 013/103] ceph: correctly handle releasing an embedded cap flush Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 014/103] riscv: Ensure the value of FP registers in the core dump file is up to date Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 015/103] Revert "btrfs: compression: dont try to compress if we dont have enough pages" Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 016/103] drm/amdgpu: Cancel delayed work when GFXOFF is disabled Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 017/103] Revert "USB: serial: ch341: fix character loss at high transfer rates" Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 018/103] USB: serial: option: add new VID/PID to support Fibocom FG150 Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 019/103] usb: renesas-xhci: Prefer firmware loading on unknown ROM state Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 020/103] usb: dwc3: gadget: Fix dwc3_calc_trbs_left() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 021/103] usb: dwc3: gadget: Stop EP0 transfers during pullup disable Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 022/103] scsi: core: Fix hang of freezing queue between blocking and running device Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 023/103] RDMA/bnxt_re: Add missing spin lock initialization Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 024/103] IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 025/103] RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 026/103] ice: do not abort devlink info if board identifier cant be found Greg Kroah-Hartman
2021-09-01 19:42 ` Pavel Machek
2021-09-01 20:10 ` Pavel Machek
2021-09-01 20:49 ` Keller, Jacob E
2021-09-02 5:56 ` Pavel Machek
2021-09-01 12:27 ` [PATCH 5.10 027/103] net: usb: pegasus: fixes of set_register(s) return value evaluation; Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 028/103] igc: fix page fault when thunderbolt is unplugged Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 029/103] igc: Use num_tx_queues when iterating over tx_ring queue Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 030/103] e1000e: Fix the max snoop/no-snoop latency for 10M Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 031/103] e1000e: Do not take care about recovery NVM checksum Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 032/103] RDMA/efa: Free IRQ vectors on error flow Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 033/103] ip_gre: add validation for csum_start Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 034/103] xgene-v2: Fix a resource leak in the error handling path of xge_probe() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 035/103] net: marvell: fix MVNETA_TX_IN_PRGRS bit number Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 036/103] ucounts: Increase ucounts reference counter before the security hook Greg Kroah-Hartman
2021-09-01 14:25 ` Eric W. Biederman
2021-09-01 16:40 ` Greg Kroah-Hartman
2021-09-01 17:26 ` Eric W. Biederman
2021-09-02 13:04 ` Sasha Levin
2021-09-02 14:28 ` Alexey Gladkov
2021-09-02 18:06 ` Eric W. Biederman
2021-09-03 4:57 ` Greg Kroah-Hartman
2021-09-03 5:00 ` Greg Kroah-Hartman [this message]
2021-09-03 6:50 ` Greg Kroah-Hartman
2021-09-03 14:14 ` Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 037/103] net/sched: ets: fix crash when flipping from strict to quantum Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 038/103] ipv6: use siphash in rt6_exception_hash() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 039/103] ipv4: use siphash instead of Jenkins in fnhe_hashfun() Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 040/103] cxgb4: dont touch blocked freelist bitmap after free Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 041/103] rtnetlink: Return correct error on changing device netns Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 042/103] net: hns3: clear hardware resource when loading driver Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 043/103] net: hns3: add waiting time before cmdq memory is released Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 044/103] net: hns3: fix duplicate node in VLAN list Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 045/103] net: hns3: fix get wrong pfc_en when query PFC configuration Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 046/103] Revert "mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711" Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 047/103] net: stmmac: add mutex lock to protect est parameters Greg Kroah-Hartman
2021-09-01 20:09 ` Pavel Machek
2021-09-02 13:51 ` Sasha Levin
2021-09-01 12:27 ` [PATCH 5.10 048/103] net: stmmac: fix kernel panic due to NULL pointer dereference of plat->est Greg Kroah-Hartman
2021-09-01 12:27 ` [PATCH 5.10 049/103] drm/i915: Fix syncmap memory leak Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 050/103] usb: gadget: u_audio: fix race condition on endpoint stop Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 051/103] dt-bindings: sifive-l2-cache: Fix select matching Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 052/103] perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32 Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 053/103] clk: renesas: rcar-usb2-clock-sel: Fix kernel NULL pointer dereference Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 054/103] iwlwifi: pnvm: accept multiple HW-type TLVs Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 055/103] opp: remove WARN when no valid OPPs remain Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 056/103] cpufreq: blocklist Qualcomm sm8150 in cpufreq-dt-platdev Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 057/103] virtio: Improve vq->broken access to avoid any compiler optimization Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 058/103] virtio_pci: Support surprise removal of virtio pci device Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 059/103] virtio_vdpa: reject invalid vq indices Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 060/103] vringh: Use wiov->used to check for read/write desc order Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 061/103] tools/virtio: fix build Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 062/103] qed: qed ll2 race condition fixes Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 063/103] qed: Fix null-pointer dereference in qed_rdma_create_qp() Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 064/103] Revert "drm/amd/pm: fix workload mismatch on vega10" Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 065/103] drm/amd/pm: change the workload type for some cards Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 066/103] blk-mq: dont grab rqs refcount in blk_mq_check_expired() Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 067/103] drm: Copy drm_wait_vblank to user before returning Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 068/103] drm/nouveau/disp: power down unused DP links during init Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 069/103] drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 070/103] net/rds: dma_map_sg is entitled to merge entries Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 071/103] btrfs: fix race between marking inode needs to be logged and log syncing Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 072/103] pipe: avoid unnecessary EPOLLET wakeups under normal loads Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 073/103] pipe: do FASYNC notifications for every pipe IO, not just state changes Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 074/103] mtd: spinand: Fix incorrect parameters for on-die ECC Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 075/103] tipc: call tipc_wait_for_connect only when dlen is not 0 Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 076/103] vt_kdsetmode: extend console locking Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 077/103] Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 078/103] riscv: Fixup wrong ftrace remove cflag Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 079/103] riscv: Fixup patch_text panic in ftrace Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 080/103] perf env: Fix memory leak of bpf_prog_info_linear member Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 081/103] perf symbol-elf: Fix memory leak by freeing sdt_note.args Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 082/103] perf record: Fix memory leak in vDSO found using ASAN Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 083/103] perf tools: Fix arm64 build error with gcc-11 Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 084/103] perf annotate: Fix jump parsing for C++ code Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 085/103] powerpc/perf: Invoke per-CPU variable access with disabled interrupts Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 086/103] srcu: Provide internal interface to start a Tree SRCU grace period Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 087/103] srcu: Provide polling interfaces for Tree SRCU grace periods Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 088/103] srcu: Provide internal interface to start a Tiny SRCU grace period Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 089/103] srcu: Make Tiny SRCU use multi-bit grace-period counter Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 090/103] srcu: Provide polling interfaces for Tiny SRCU grace periods Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 091/103] tracepoint: Use rcu get state and cond sync for static call updates Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 092/103] usb: typec: ucsi: acpi: Always decode connector change information Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 093/103] usb: typec: ucsi: Work around PPM losing " Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 094/103] usb: typec: ucsi: Clear pending after acking connector change Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 095/103] net: dsa: mt7530: fix VLAN traffic leaks again Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 096/103] lkdtm: Enable DOUBLE_FAULT on all architectures Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 097/103] arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88 Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 098/103] btrfs: fix NULL pointer dereference when deleting device by invalid id Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 099/103] kthread: Fix PF_KTHREAD vs to_kthread() race Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 100/103] Revert "floppy: reintroduce O_NDELAY fix" Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 101/103] Revert "parisc: Add assembly implementations for memset, strlen, strcpy, strncpy and strcat" Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 102/103] net: dont unconditionally copy_from_user a struct ifreq for socket ioctls Greg Kroah-Hartman
2021-09-01 12:28 ` [PATCH 5.10 103/103] audit: move put_tree() to avoid trim_trees refcount underflow and UAF Greg Kroah-Hartman
2021-09-01 16:59 ` [PATCH 5.10 000/103] 5.10.62-rc1 review Fox Chen
2021-09-01 19:24 ` Jon Hunter
2021-09-01 20:08 ` Pavel Machek
2021-09-01 21:21 ` Shuah Khan
2021-09-01 21:48 ` Florian Fainelli
2021-09-02 1:07 ` Samuel Zou
2021-09-02 8:06 ` Naresh Kamboju
2021-09-02 11:55 ` Sudip Mukherjee
2021-09-02 21:58 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YTGr2ZkgfTCIGVpr@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ebiederm@xmission.com \
--cc=legion@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+01985d7909f9468f013c@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox