On Wed, Feb 07, 2024 at 04:11:24PM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Wed, Feb 07, 2024 at 07:52:50PM +0800, ZhaoLong Wang wrote:
> > Hello,
> >
> > I am sending this patch for inclusion in the stable tree, as it fixes
> > a critical stack-out-of-bounds bug in the cifs module related to the
> > `smb2_set_next_command()` function.
> >
> > Problem Summary:
> > A problem was observed in the `statfs` system call for cifs, where it
> > failed with a "Resource temporarily unavailable" message. Further
> > investigation with KASAN revealed a stack-out-of-bounds error. The
> > root cause was a miscalculation of the size of the `smb2_query_info_req`
> > structure in the `SMB2_query_info_init()` function.
> >
> > This situation arose due to a dependency on a prior commit
> > (`eb3e28c1e89b`) that replaced a 1-element array with a flexible
> > array member in the `smb2_query_info_req` structure. This commit was
> > not backported to the 5.10.y and 5.15.y stable branches, leading to an
> > incorrect size calculation after the backport of commit `33eae65c6f49`.
> >
> > Fix Details:
> > The patch corrects the size calculation to ensure the correct length
> > is used when initializing the `smb2_query_info_req` structure. It has
> > been tested and confirmed to resolve the issue without introducing
> > any regressions.
> >
> > Maybe the prior commit eb3e28c1e89b ("smb3: Replace smb2pdu 1-element
> > arrays with flex-arrays") should be backported to solve this problem
> > directly. The patch does not seem to conflict.
>
> It looks like there are several people working on the very same problem,
> adding patches right now on top.
>
> See as well https://lore.kernel.org/stable/c4c2f990-20cf-4126-95bd-d14c58e85042@xxxxxxxxxx/
>
> But this is already worked on, and the proper solution is to have only the
> eb3e28c1e89b backport included?
>
> See as well
> https://lore.kernel.org/regressions/Zb5eL-AKcZpmvYSl@xxxxxxxxxxx/ and
> following.
>
> And this needs to be done consistently for the 5.10.y and 5.15.y
> series.

And I'm totally confused here. Can someone send me, on top of the patches that are in the current queue (I'll push out a -rc series soon), what needs to be done here?

Or, should I just start reverting things?

lost,

greg k-h
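An added illustration, not code from this thread or from the cifs module, of why the size formula in SMB2_query_info_init() depends on which shape of smb2_query_info_req a tree carries. The two structs below are a constructed stand-in, not the real request layout; the point is that the `sizeof() - 1` idiom for a 1-element array and the plain `sizeof()` idiom for a flex array each give the right header length only when paired with the matching struct, so a backport that carries one without the other is off by a byte, while `offsetof()` of the trailing buffer is correct for either layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the pre-flex-array layout (not the real
 * smb2_query_info_req): a 1-element placeholder array ends the header. */
struct req_one_elem {
    uint16_t struct_size;
    uint8_t  info_type;
    uint8_t  file_info_class;
    uint32_t output_buffer_length;
    uint16_t input_buffer_offset;
    uint8_t  buffer[1];
} __attribute__((packed));

/* Same wire layout after the "1-element array -> flex array" conversion. */
struct req_flex {
    uint16_t struct_size;
    uint8_t  info_type;
    uint8_t  file_info_class;
    uint32_t output_buffer_length;
    uint16_t input_buffer_offset;
    uint8_t  buffer[];
} __attribute__((packed));

/* Pre-conversion idiom: sizeof() counts the placeholder byte, so drop it. */
size_t len_one_elem_idiom(size_t payload) { return sizeof(struct req_one_elem) - 1 + payload; }

/* Post-conversion idiom: sizeof() stops where the flex member begins. */
size_t len_flex_idiom(size_t payload) { return sizeof(struct req_flex) + payload; }

/* Mismatch A: post-conversion formula backported onto the old struct (+1 byte). */
size_t len_flex_formula_old_struct(size_t payload) { return sizeof(struct req_one_elem) + payload; }

/* Mismatch B: old formula left in place after the struct was converted (-1 byte). */
size_t len_old_formula_flex_struct(size_t payload) { return sizeof(struct req_flex) - 1 + payload; }

/* Shape-independent form: the header ends where the trailing buffer starts,
 * however that buffer is declared. */
size_t len_offsetof_old(size_t payload) { return offsetof(struct req_one_elem, buffer) + payload; }
size_t len_offsetof_flex(size_t payload) { return offsetof(struct req_flex, buffer) + payload; }

int main(void)
{
    size_t payload = 8; /* constructed: an 8-byte input buffer */
    printf("one-elem struct + its formula : %zu\n", len_one_elem_idiom(payload));
    printf("flex struct + its formula     : %zu\n", len_flex_idiom(payload));
    printf("flex formula on one-elem      : %zu (one byte too many)\n", len_flex_formula_old_struct(payload));
    printf("one-elem formula on flex      : %zu (one byte too few)\n", len_old_formula_flex_struct(payload));
    printf("offsetof() on either layout   : %zu / %zu\n", len_offsetof_old(payload), len_offsetof_flex(payload));
    return 0;
}
```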