Re: [PATCH] fs/ceph/mds_client: give up on paths longer than PATH_MAX

From: Max Kellermann
Date: Tue Nov 19 2024 - 09:54:56 EST

Next message: Markus Elfring: "Re: [PATCH 4/5] alienware-wmi: Fix module init error handling"
Previous message: José Expósito: "Re: [PATCH v3] drm/vkms: Remove index parameter from init_vkms_output"
In reply to: Patrick Donnelly: "Re: [PATCH] fs/ceph/mds_client: give up on paths longer than PATH_MAX"
Next in thread: Patrick Donnelly: "Re: [PATCH] fs/ceph/mds_client: give up on paths longer than PATH_MAX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 19, 2024 at 2:58 PM Patrick Donnelly <pdonnell@xxxxxxxxxx> wrote:
> The protocol does **not** require building the full path for most
> operations unless it involves a snapshot.

We don't use Ceph snapshots, but before today's emergency update, we
could shoot down an arbitrary server with a single (unprivileged)
system call using this vulnerability.

I'm not sure what your point is, but this vulnerability exists, it
works without snapshots and we think it's serious.

Next message: Markus Elfring: "Re: [PATCH 4/5] alienware-wmi: Fix module init error handling"
Previous message: José Expósito: "Re: [PATCH v3] drm/vkms: Remove index parameter from init_vkms_output"
In reply to: Patrick Donnelly: "Re: [PATCH] fs/ceph/mds_client: give up on paths longer than PATH_MAX"
Next in thread: Patrick Donnelly: "Re: [PATCH] fs/ceph/mds_client: give up on paths longer than PATH_MAX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]