lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <87y11yavd4.fsf@camandro.org>
Date: Tue, 05 Nov 2024 09:21:59 +0000
From: Luis Henriques <luis.henriques@...ux.dev>
To: Xiubo Li <xiubli@...hat.com>
Cc: Luis Henriques <luis.henriques@...ux.dev>,  alex.markuze@....com,  Ilya
 Dryomov <idryomov@...il.com>,  ceph-devel@...r.kernel.org,
  linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v2] ceph: ceph: fix out-of-bound array access when
 doing a file read

Hi Xiubo!

On Tue, Nov 05 2024, Xiubo Li wrote:

> CC Alex
>
> Hi Luis,
>
> Alex will take over it and help push it recently. I am a bit busy with my new
> things these days.

Thanks a lot.  I think the difficult bit to understand (for me, at least!)
are any MDS side-effects, as you earlier mentioned the filelocking
semantics.  I'm not sure if/how this patch may cause troubles there.

> BTW, if possible please join 'ceph' workspace's #cephfs slack channel and you
> could push it faster there ?

I believe that channel is bridged to IRC (OFTC network), where I'm already
lurking (nick 'henrix').  And I see you have already ping'ed others there.
However, I'm currently on PTO, so my replies there may be asynchronous :-)

Cheers,
-- 
Luís

>
> Thanks
>
> - Xiubo
>
>
> 在 2024/11/4 22:34, Luis Henriques 写道:
>> Hi Xiubo, Hi Ilya,
>>
>> On Mon, Sep 30 2024, Luis Henriques wrote:
>> [...]
>>> Hi Xiubo,
>>>
>>> I know you've been busy, but I was wondering if you (or someone else) had
>>> a chance to have a look at this.  It's pretty easy to reproduce, and it
>>> has been seen in production.  Any chances of getting some more feedback on
>>> this fix?
>> It has been a while since I first reported this issue.  Taking the risk of
>> being "that annoying guy", I'd like to ping you again on this.  I've
>> managed to reproduce the issue very easily, and it's also being triggered
>> very frequently in production.  Any news?
>>
>> Cheers,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ