Message-ID:
 <SJ0PR11MB5896816AD0F602EC6354A399C374A@SJ0PR11MB5896.namprd11.prod.outlook.com>
Date: Thu, 12 Jun 2025 21:08:19 +0000
From: "Karan Tilak Kumar (kartilak)" <kartilak@...co.com>
To: Dan Carpenter <dan.carpenter@...aro.org>
CC: "Sesidhar Baddela (sebaddel)" <sebaddel@...co.com>, "Arulprabhu Ponnusamy
 (arulponn)" <arulponn@...co.com>, "Dhanraj Jhawar (djhawar)"
	<djhawar@...co.com>, "Gian Carlo Boffa (gcboffa)" <gcboffa@...co.com>, "Masa
 Kai (mkai2)" <mkai2@...co.com>, "Satish Kharat (satishkh)"
	<satishkh@...co.com>, "Arun Easi (aeasi)" <aeasi@...co.com>,
	"jejb@...ux.ibm.com" <jejb@...ux.ibm.com>, "martin.petersen@...cle.com"
	<martin.petersen@...cle.com>, "linux-scsi@...r.kernel.org"
	<linux-scsi@...r.kernel.org>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "jmeneghi@...hat.com" <jmeneghi@...hat.com>,
	"revers@...hat.com" <revers@...hat.com>, "stable@...r.kernel.org"
	<stable@...r.kernel.org>
Subject: RE: [PATCH v3 2/5] scsi: fnic: Fix crash in fnic_wq_cmpl_handler when
 FDMI times out

On Thursday, June 12, 2025 1:39 AM, Dan Carpenter <dan.carpenter@...aro.org> wrote:
>
> On Thu, Jun 12, 2025 at 10:42:30AM +0300, Dan Carpenter wrote:
> > On Wed, Jun 11, 2025 at 05:44:23PM -0700, Karan Tilak Kumar wrote:
> > > When both the RHBA and RPA FDMI requests time out, fnic reuses a frame
> > > to send ABTS for each of them. On send completion, this causes an
> > > attempt to free the same frame twice that leads to a crash.
> > >
> > > Fix crash by allocating separate frames for RHBA and RPA,
> > > and modify ABTS logic accordingly.
> > >
> > > Tested by checking MDS for FDMI information.
> > > Tested by using instrumented driver to:
> > > Drop PLOGI response
> > > Drop RHBA response
> > > Drop RPA response
> > > Drop RHBA and RPA response
> > > Drop PLOGI response + ABTS response
> > > Drop RHBA response + ABTS response
> > > Drop RPA response + ABTS response
> > > Drop RHBA and RPA response + ABTS response for both of them
> > >
> > > Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI")
> > > Reviewed-by: Sesidhar Baddela <sebaddel@...co.com>
> > > Reviewed-by: Arulprabhu Ponnusamy <arulponn@...co.com>
> > > Reviewed-by: Gian Carlo Boffa <gcboffa@...co.com>
> > > Tested-by: Arun Easi <aeasi@...co.com>
> > > Co-developed-by: Arun Easi <aeasi@...co.com>
> > > Signed-off-by: Arun Easi <aeasi@...co.com>
> > > Tested-by: Karan Tilak Kumar <kartilak@...co.com>
> > > Cc: <stable@...r.kernel.org> # 6.14.x Please see patch description
> >
> > I'm a bit confused.  Why do we need to specify 6.14.x?  I would have
> > assumed that the Fixes tag was enough information.  What are we supposed
> > to see in the patch description?
> >
> > I suspect you're making this too complicated...  Just put
> > Cc: <stable@...r.kernel.org> and a Fixes tag and let the scripts figure
> > it out.  Or put in the commit description, "The Fixes tag points to
> > an older kernel because XXX but really this should only be backported
> > to 6.14.x because YYY."
>
> But here even with the comment in the commit description, you would still
> just say:
>
> Cc: <stable@...r.kernel.org> # 6.14.x
>
> The stable maintainers trust you to list the correct kernel and don't
> need to know the reasoning.

Thanks for clarifying this, Dan.

> I much prefer to keep it simple whenever possible.  We had a bad CVE where
> someone left off the Fixes tag and instead specified
> "Cc: <stable@...r.kernel.org> # 4.1" where 4.1 was the oldest supported
> kernel on kernel.org.  The patch should have been applied to the older
> vendor kernels but it wasn't because the tag was wrong.
>

I understand and agree with you. I prefer to keep it simple as well.
In V4, as you suggested, I'll keep the fixes tag and the Cc: tag and
remove the comments section.

> regards,
> dan carpenter
>
>

Thanks for your review comments.

Regards,
Karan
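
The trailer convention discussed in this thread, as an added Python example that is not part of the original messages or of the kernel's stable scripts: it flags a commit message whose stable Cc carries a version note with no Fixes tag, and a note that has text beyond a bare version. The function name, finding codes and sample messages are constructed for illustration; the list address is matched only by its `stable@` local part because the archive masks the domain.

```python
import re

# Trailer shapes as quoted in this thread. The archive masks part of the
# list address, so only the "stable@" local part is matched.
FIXES_RE = re.compile(r'^Fixes:[ \t]+([0-9a-f]{12,40})[ \t]+\("(.+)"\)[ \t]*$', re.M)
STABLE_RE = re.compile(
    r'^Cc:[ \t]*<?stable@[^>\s]+>?[ \t]*(?:#[ \t]*(.*))?$', re.M | re.I)
VERSION_RE = re.compile(r'^\d+\.\d+(?:\.(?:\d+|x|y))?\+?$')


def check_stable_trailers(message):
    """Return (code, detail) findings for one commit message."""
    findings = []
    fixes = FIXES_RE.findall(message)
    if re.search(r'^Fixes:', message, re.M) and not fixes:
        findings.append(("malformed-fixes", 'want: Fixes: <12+ hex> ("subject")'))
    for match in STABLE_RE.finditer(message):
        note = (match.group(1) or "").strip()
        if note and not fixes:
            # Failure mode described in the thread: the version note stands
            # in for the Fixes tag, so trees older than the note are skipped.
            findings.append(("version-note-without-fixes", note))
        if note and not VERSION_RE.match(note):
            findings.append(("note-has-extra-text", note))
    return findings


# Constructed sample messages; trailer text follows the lines quoted above.
FIXES = 'Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI")\n'
WITH_PROSE = ("scsi: fnic: subject\n\nbody\n\n" + FIXES +
              "Cc: <stable@...r.kernel.org> # 6.14.x Please see patch description\n")
BARE_VERSION = ("scsi: fnic: subject\n\nbody\n\n" + FIXES +
                "Cc: <stable@...r.kernel.org> # 6.14.x\n")
NO_FIXES = ("subject\n\nbody\n\n"
            "Cc: <stable@...r.kernel.org> # 4.1\n")

if __name__ == "__main__":
    for name, msg in (("prose", WITH_PROSE), ("bare", BARE_VERSION),
                      ("no-fixes", NO_FIXES)):
        print(name, check_stable_trailers(msg))
```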
