On Mon, Dec 02, 2024 at 02:19:13PM +0000, Chuck Lever III wrote: > > > > On Dec 2, 2024, at 4:09 AM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > On Wed, Nov 20, 2024 at 02:13:15PM -0500, cel@xxxxxxxxxx wrote: > >> From: Chuck Lever <chuck.lever@xxxxxxxxxx> > >> > >> [ Upstream commit 8d915bbf39266bb66082c1e4980e123883f19830 ] > > > > What about kernel versions greater than 5.4? Like 5.10, 5.15, 6.1, and > > 6.6 for this change? Shouldn't it also be needed there? > > Good catch. My rationale is: > > Asynchronous COPY offload is needed to implement NFSv4.2 > server-to-server COPY offload. > > The upstream patches that address the CVE don't apply > cleanly to linux-5.4.y. However, 5.4 kernels do not have > NFSv4.2 server-to-server COPY offload, thus this change, > which simply disables async COPY, has no user-visible > impact. So I decided the easy, low-impact way to address > the CVE for v5.4 was applying only this patch. > > The newer LTS kernels do have server-to-server COPY offload, > thus if this patch is applied, they would see a behavior > regression whenever CONFIG_NFSD_V4_2_INTER_SSC is enabled. > The upstream patches that address the CVE apply cleanly to > these kernels, and I've sent those to stable@ already. > > As these were separate patch series, there wasn't an > obvious place to add a cover letter that explains this. Ok, that's fine, we'll just leave this as-is, thanks! greg k-h
