[stable,5.10,0/2] introduce stop timer to solve the problem of CVE-2024-26865

Message ID 20240428034948.3186333-1-shaozhengchao@huawei.com (mailing list archive)

Message

shaozhengchao April 28, 2024, 3:49 a.m. UTC
For the CVE-2024-26865 issue, the stable 5.10 branch code also involves 
this issue. However, the patch of the mainline version cannot be used on 
stable 5.10 branch. The commit 740ea3c4a0b2 ("tcp: Clean up kernel
listener's reqsk in inet_twsk_purge()") is required to stop the timer.

Eric Dumazet (1):
  tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()

Kuniyuki Iwashima (1):
  tcp: Clean up kernel listener's reqsk in inet_twsk_purge()

 net/ipv4/inet_timewait_sock.c | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

Comments

Greg KH April 29, 2024, 11:11 a.m. UTC | #1
On Sun, Apr 28, 2024 at 11:49:46AM +0800, Zhengchao Shao wrote:
> For the CVE-2024-26865 issue, the stable 5.10 branch code also involves 
> this issue. However, the patch of the mainline version cannot be used on 
> stable 5.10 branch. The commit 740ea3c4a0b2 ("tcp: Clean up kernel
> listener's reqsk in inet_twsk_purge()") is required to stop the timer.

This is also needed for 5.15.y, so we can not take a 5.10.y only patch,
you know this :(

Please also provide a working set of 5.15.y patches and then I'll be
glad to queue these 5.10.y ones up.

thanks,

greg k-h

shaozhengchao April 29, 2024, 12:01 p.m. UTC | #2
Hi Greg KH:
   Thanks for the heads-up. I will work for 5.15.y and 4.19.y.

Thank you.

Zhengchao Shao

On 2024/4/29 19:11, Greg KH wrote:
> On Sun, Apr 28, 2024 at 11:49:46AM +0800, Zhengchao Shao wrote:
>> For the CVE-2024-26865 issue, the stable 5.10 branch code also involves
>> this issue. However, the patch of the mainline version cannot be used on
>> stable 5.10 branch. The commit 740ea3c4a0b2 ("tcp: Clean up kernel
>> listener's reqsk in inet_twsk_purge()") is required to stop the timer.
> 
> This is also needed for 5.15.y, so we can not take a 5.10.y only patch,
> you know this :(
> 
> Please also provide a working set of 5.15.y patches and then I'll be
> glad to queue these 5.10.y ones up.
> 
> thanks,
> 
> greg k-h

Greg KH April 29, 2024, 1:33 p.m. UTC | #3
On Mon, Apr 29, 2024 at 08:01:44PM +0800, shaozhengchao wrote:
> 
> Hi Greg KH:
>   Thanks for the heads-up. I will work for 5.15.y and 4.19.y.

Thanks for all of the backports, all now queued up.

greg k-h