Re: [EXTERNAL] Re: [PATCH 0/1] RFC: linux-5.15.y ksmbd backport for CVE-2023-38431

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Dec 14, 2023 at 08:33:48PM +0900, Namjae Jeon wrote:
> 2023-12-14 17:05 GMT+09:00, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>:
> > On Thu, Dec 14, 2023 at 08:31:44AM +0900, Namjae Jeon wrote:
> >> 2023-12-13 23:36 GMT+09:00, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>:
> >> > On Tue, Dec 12, 2023 at 08:13:37PM +0000, Steven French wrote:
> >> >> Out of curiosity, has there been an alternative approach for some
> >> >> backports, where someone backports most fixes and features (and safe
> >> >> cleanup) but does not backport any of the changesets which have
> >> >> dependencies outside the module (e.g. VFS changes, netfs or mm changes
> >> >> etc.)  to reduce patch dependency risk (ie 70-80% backport instead of
> >> >> the typical 10-20% that are picked up by stable)?
> >> >>
> >> >> For example, we (on the client) ran into issues with 5.15 kernel (for
> >> >> the client) missing so many important fixes and features (and
> >> >> sometimes hard to distinguish when a new feature is also a 'fix') that
> >> >> I did a "full backport" for cifs.ko again a few months ago for 5.15
> >> >> (leaving out about 10% of the patches, those with dependencies or that
> >> >> would be risky).
> >> >
> >> > We did take a "big backport/sync" for io_uring in 5.15.y a while ago,
> >> > so
> >> > there is precident for this.
> >> >
> >> > But really, is anyone even using this feature in 5.15.y anyway?  I
> >> > don't
> >> > know of any major distro using 5.15.y any more, and Android systems
> >> > based on 5.15.y don't use this specific filesystem, so what is left?
> >> > Can we just mark it broken and be done with it?
> >> As I know, ksmbd is enable in 5.15 kernel of some distros(opensuse,
> >> ubuntu, etc) except redhat.
> >
> > But do any of them actually use the 5.15.y kernel tree and take updates
> > from there?  That's the key thing here.
> Yes, openWRT guy said that openWRT use ksmbd module of stable 5.15.y
> kernel for their NAS function.
> The most recent major release, 23.05.x, uses the 5.15 kernel, and the
> kernel version is updated in minor releases.
> https://github.com/openwrt/openwrt/commit/95ebd609ae7bdcdb48c74ad93d747f24c94d4a07
> 
> https://downloads.openwrt.org/releases/23.05.2/targets/x86/64/kmods/5.15.137-1-47964456485559d992fe6f536131fc64/
> 
> https://downloads.openwrt.org/releases/23.05.2/targets/x86/64/kmods/5.15.137-1-47964456485559d992fe6f536131fc64/kmod-fs-ksmbd_5.15.137-1_x86_64.ipk
> 
> https://github.com/openwrt/openwrt/blob/fcf08d9db6a50a3ca6f0b64d105d975ab896cc35/package/kernel/linux/modules/fs.mk#L349

Ok, thanks, that's good to know.  Also you might want to warn them that
it's missing loads of security fixes at this point in time and that they
might want to move to a newer kernel release :)

thanks,

greg k-h




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux