On Thu, May 12, 2022 at 10:38:04AM -0700, Meena Shanmugam wrote: > On Thu, May 12, 2022 at 9:23 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > On Tue, May 10, 2022 at 07:33:23PM -0700, Meena Shanmugam wrote: > > > Hi all, > > > > > > The commit f00432063db1a0db484e85193eccc6845435b80e upstream (SUNRPC: > > > Ensure we flush any closed sockets before xs_xprt_free()) fixes > > > CVE-2022-28893, hence good candidate for stable trees. > > > The above commit depends on 3be232f(SUNRPC: Prevent immediate > > > close+reconnect) and 89f4249(SUNRPC: Don't call connect() more than > > > once on a TCP socket). Commit 3be232f depends on commit > > > e26d9972720e(SUNRPC: Clean up scheduling of autoclose). > > > > > > Commits e26d9972720e, 3be232f, f00432063db1 apply cleanly on 5.10 > > > kernel. commit 89f4249 didn't apply cleanly. I have patch for 89f4249 > > > below. > > > > We also need this for 5.15.y first, before we can apply it to 5.10.y. > > Can you provide a working backport for that tree as well? > > > > And as others pointed out, your patch is totally corrupted and can not > > be used, please fix your email client. > > > > thanks, > > > > greg k-h > > For 5.15.y commit f00432063db1a0db484e85193eccc6845435b80e((SUNRPC: > Ensure we flush any closed sockets before xs_xprt_free())) applies > cleanly. The depend patch > 3be232f(SUNRPC: Prevent immediate close+reconnect) also applies > cleanly. Patch 89f4249 > (SUNRPC: Don't call connect() more than once on a TCP socket) is > already present in 5.15.34 onwards. > > Sorry about the patch corruption, I will fix it. Sorry, but this did not work out at all, I get build errors when attempting it for 5.10.y: CC [M] net/sunrpc/xprtsock.o net/sunrpc/xprtsock.c: In function ‘xs_tcp_setup_socket’: net/sunrpc/xprtsock.c:2276:13: error: too few arguments to function ‘test_and_clear_bit’ 2276 | if (test_and_clear_bit(XPRT_SOCK_CONNECT_SENT), | ^~~~~~~~~~~~~~~~~~ In file included from ./arch/x86/include/asm/bitops.h:391, from ./include/linux/bitops.h:29, from ./include/linux/kernel.h:12, from ./include/asm-generic/bug.h:20, from ./arch/x86/include/asm/bug.h:93, from ./include/linux/bug.h:5, from ./include/linux/mmdebug.h:5, from ./include/linux/gfp.h:5, from ./include/linux/slab.h:15, from net/sunrpc/xprtsock.c:24: ./include/asm-generic/bitops/instrumented-atomic.h:81:20: note: declared here 81 | static inline bool test_and_clear_bit(long nr, volatile unsigned long *addr) | ^~~~~~~~~~~~~~~~~~ net/sunrpc/xprtsock.c:2276:55: warning: left-hand operand of comma expression has no effect [-Wunused-value] 2276 | if (test_and_clear_bit(XPRT_SOCK_CONNECT_SENT), | ^ net/sunrpc/xprtsock.c:2312:17: warning: this statement may fall through [-Wimplicit-fallthrough=] 2312 | set_bit(XPRT_SOCK_CONNECT_SENT, &transport->sock_state); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/sunrpc/xprtsock.c:2313:9: note: here 2313 | case -EALREADY: | ^~~~ make[2]: *** [scripts/Makefile.build:280: net/sunrpc/xprtsock.o] Error 1 make[1]: *** [scripts/Makefile.build:497: net/sunrpc] Error 2 And I am not quite sure what order you want me to apply things for 5.15.y. So please, send me a properly backported series of patches for this for 5.15.y and 5.10.y and I will be glad to pick them up. Right now I'm just confused as this was obviously not tested at all :( thanks, greg k-h