> On Oct 1, 2022, at 12:40 PM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
>
> On Sat, 2022-10-01 at 15:33 +0000, Chuck Lever III wrote:
>> Hi Jeff-
>>
>>> On Oct 1, 2022, at 5:59 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
>>>
>>> nfsd_file is RCU-freed, so it's possible that one could be found that's
>>> in the process of being freed and the memory recycled. Ensure we hold
>>> the rcu_read_lock while attempting to get a reference on the object.
>>
>> I'm OK with entertaining clean-up patches in this code, but I
>> am skeptical that this patch addresses the concern enumerated
>> in bug #394. As you've pointed out to me before, the "UAF on
>> DELEGRETURN crashes" appeared well before v5.19, which is the
>> kernel release where this bit of code was introduced.
>>
>
> Yeah, there may be more than one bug here. In any case, these patches
> should close potential races, so I think we ought to take them.

Agreed, all of these are valid and desirable improvements.

I've applied the two from yesterday to my internal tree for
more testing. I plan to apply this one as well once the
wrinkles are ironed out.

Since these are a bit late in the cycle, I plan to push the
set to Linus after the initial nfsd-6.1 PR, either near the
end of the merge window or in -rc1.

--
Chuck Lever