> On Dec 2, 2024, at 4:09 AM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > On Wed, Nov 20, 2024 at 02:13:15PM -0500, cel@xxxxxxxxxx wrote: >> From: Chuck Lever <chuck.lever@xxxxxxxxxx> >> >> [ Upstream commit 8d915bbf39266bb66082c1e4980e123883f19830 ] > > What about kernel versions greater than 5.4? Like 5.10, 5.15, 6.1, and > 6.6 for this change? Shouldn't it also be needed there? Good catch. My rationale is: Asynchronous COPY offload is needed to implement NFSv4.2 server-to-server COPY offload. The upstream patches that address the CVE don't apply cleanly to linux-5.4.y. However, 5.4 kernels do not have NFSv4.2 server-to-server COPY offload, thus this change, which simply disables async COPY, has no user-visible impact. So I decided the easy, low-impact way to address the CVE for v5.4 was applying only this patch. The newer LTS kernels do have server-to-server COPY offload, thus if this patch is applied, they would see a behavior regression whenever CONFIG_NFSD_V4_2_INTER_SSC is enabled. The upstream patches that address the CVE apply cleanly to these kernels, and I've sent those to stable@ already. As these were separate patch series, there wasn't an obvious place to add a cover letter that explains this. -- Chuck Lever
