lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2024110625-earwig-deport-d050@gregkh>
Date: Wed, 6 Nov 2024 07:16:00 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Yu Kuai <yukuai1@...weicloud.com>
Cc: stable@...r.kernel.org, harry.wentland@....com, sunpeng.li@....com,
	Rodrigo.Siqueira@....com, alexander.deucher@....com,
	christian.koenig@....com, Xinhui.Pan@....com, airlied@...il.com,
	daniel@...ll.ch, viro@...iv.linux.org.uk, brauner@...nel.org,
	Liam.Howlett@...cle.com, akpm@...ux-foundation.org,
	hughd@...gle.com, willy@...radead.org, sashal@...nel.org,
	srinivasan.shanmugam@....com, chiahsuan.chung@....com,
	mingo@...nel.org, mgorman@...hsingularity.net, yukuai3@...wei.com,
	chengming.zhou@...ux.dev, zhangpeng.00@...edance.com,
	chuck.lever@...cle.com, amd-gfx@...ts.freedesktop.org,
	dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
	linux-fsdevel@...r.kernel.org, maple-tree@...ts.infradead.org,
	linux-mm@...ck.org, yi.zhang@...wei.com, yangerkun@...wei.com
Subject: Re: [PATCH 6.6 00/28] fix CVE-2024-46701

On Thu, Oct 24, 2024 at 09:19:41PM +0800, Yu Kuai wrote:
> From: Yu Kuai <yukuai3@...wei.com>
> 
> Fix patch is patch 27, relied patches are from:
> 
>  - patches from set [1] to add helpers to maple_tree, the last patch to
> improve fork() performance is not backported;

So things slowed down?

>  - patches from set [2] to change maple_tree, and follow up fixes;
>  - patches from set [3] to convert offset_ctx from xarray to maple_tree;
> 
> Please notice that I'm not an expert in this area, and I'm afraid to
> make manual changes. That's why patch 16 revert the commit that is
> different from mainline and will cause conflict backporting new patches.
> patch 28 pick the original mainline patch again.
> 
> (And this is what we did to fix the CVE in downstream kernels).
> 
> [1] https://lore.kernel.org/all/20231027033845.90608-1-zhangpeng.00@bytedance.com/
> [2] https://lore.kernel.org/all/20231101171629.3612299-2-Liam.Howlett@oracle.com/T/
> [3] https://lore.kernel.org/all/170820083431.6328.16233178852085891453.stgit@91.116.238.104.host.secureserver.net/

This series looks rough.  I want to have the maintainers of these
files/subsystems to ack this before being able to take them.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ