On 12/4/24 10:52 AM, cel@xxxxxxxxxx wrote:
> From: Chuck Lever <chuck.lever@xxxxxxxxxx>
>
> The purpose of this series is to construct a set of upstream fixes that
> can be backported to v6.6 to address CVE-2024-46701.
>
> My original plan was to add a cursor dentry. However, I've found a
> solution that does not need one. In fact, most or all of the reported
> issues are gone with 4/5. Thus I'm not sure 5/5 is necessary, but it
> seems like a robust improvement.
>
> Changes since v3:
> - Series is no longer RFC
> - Series passes xfstests locally and via NFS export
> - Patch 2/5 was replaced; it now removes simple_offset_empty()
> - 4/5 and 5/5 were rewritten based on test results
> - Patch descriptions have been clarified
>
> This series (still against v6.12) has been pushed to:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git/log/?h=tmpfs-fixes
>
> Next step is to try backporting these to v6.6 to see if anything else
> is needed.
>
> Chuck Lever (5):
>   libfs: Return ENOSPC when the directory offset range is exhausted
>   Revert "libfs: Add simple_offset_empty()"
>   Revert "libfs: fix infinite directory reads for offset dir"
>   libfs: Replace simple_offset end-of-directory detection
>   libfs: Use d_children list to iterate simple_offset directories
>
>  fs/libfs.c         | 158 ++++++++++++++++++++++-----------------------
>  include/linux/fs.h |   1 -
>  mm/shmem.c         |   4 +-
>  3 files changed, 81 insertions(+), 82 deletions(-)
I've backported these, as a proof of concept, to origin/linux-6.6.y. You
can find that here:

https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git/log/?h=nfsd-6.6.y

This series passes xfstests, including generic/736.

It would be a little cleaner if I could also backport da549bdd15c2
("dentry: switch the lists of children to hlist"), but that has similar
risks as backporting the Maple tree patches.

-- 
Chuck Lever