This sounds good to me.
Greg, can we drop the following patches?
'[PATCH 6.1 14/29] xfs: use xfs_defer_pending objects to recover' '[PATCH 6.1 15/29] xfs: pass the xfs_defer_pending object to iop_recover' '[PATCH 6.1 16/29] xfs: transfer recovered intent item ownership in ->iop_recover'
Thanks, leah
On Mon, Mar 24, 2025 at 1:53 AM Fedor Pchelkin pchelkin@ispras.ru wrote:
On Sun, 23. Mar 17:29, Leah Rumancik wrote:
Okay so a summary from my understanding, correct me if I'm wrong:
03f7767c9f612 introduced the issue in both 6.1 and 6.6.
On mainline, this is resolved by e5f1a5146ec3. This commit is painful to apply to 6.1 but does apply to 6.6 along with the rest of the patchset it was a part of (which is the set you just sent out for 6.6).
Yeah, that's all correct.
With the stable branches we try to balance the risk of introducing new bugs via huge fixes with the benefit of the fix itself. Especially if the patches don't apply cleanly, it might not be worth the risk and effort to do the porting. Hmm, since it seems like we might not even end up taking 03f7767c9f6120 to stable, I'd propose we just drop 03f7767c9f6120 for now. If the rest of the subsequent patches in the original set apply cleanly, I don't think we need to drop them all. We can then try to fix the UAF with a more targeted approach in a later patch instead of via direct cherry-picks.
What do you think?
03f7767c9f6120 is '[PATCH 6.1 14/29] xfs: use xfs_defer_pending objects to recover'
Two subsequent patches depend on it logically so should also be dropped:
'[PATCH 6.1 15/29] xfs: pass the xfs_defer_pending object to iop_recover' '[PATCH 6.1 16/29] xfs: transfer recovered intent item ownership in ->iop_recover'
On the other side, '[PATCH 6.1 13/29] xfs: don't leak recovered attri intent items' which is at the start of the original patchset [1] looks OK to be taken. It's rather aside from the subsequent rework patches and fixes a pinpoint bug.
So I've tried the current xfs backport series with three dropped commits:
[PATCH 6.1 14/29] xfs: use xfs_defer_pending objects to recover [PATCH 6.1 15/29] xfs: pass the xfs_defer_pending object to iop_recover [PATCH 6.1 16/29] xfs: transfer recovered intent item ownership in ->iop_recover
(everything before and after that still applies cleanly and touches other things)
and no regressions seen on my side.