Re: Backport fix for CVE-2023-2176 (8d037973 and 0e158630) to v6.1

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: Ajay Kaher <ajay.kaher@broadcom.com>
Cc: Brennan Lamoreaux <brennan.lamoreaux@broadcom.com>,
	stable@vger.kernel.org, phaddad@nvidia.com,
	shiraz.saleem@intel.com,
	Alexey Makhalov <alexey.makhalov@broadcom.com>,
	Vasavi Sirnapalli <vasavi.sirnapalli@broadcom.com>
Subject: Re: Backport fix for CVE-2023-2176 (8d037973 and 0e158630) to v6.1
Date: Mon, 4 Mar 2024 10:20:28 +0100	[thread overview]
Message-ID: <2024030417-linked-obsessed-7c98@gregkh> (raw)
In-Reply-To: <CAD2QZ9YPmo3X+q8g+_zHd+=Y=_qKFa+xSgvwfTC3dZ0KhiMyOA@mail.gmail.com>

On Mon, Mar 04, 2024 at 02:21:22PM +0530, Ajay Kaher wrote:
> On Mon, Mar 4, 2024 at 12:14 PM Greg KH <gregkh@linuxfoundation.org> wrote:
> >
> > On Thu, Feb 29, 2024 at 02:05:39PM +0530, Ajay Kaher wrote:
> > > On Thu, Feb 29, 2024 at 12:13 AM Brennan Lamoreaux
> > > <brennan.lamoreaux@broadcom.com> wrote:
> > > >
> > > > > If you provide a working backport of that commit, we will be glad to
> > > > > apply it.  As-is, it does not apply at all, which is why it was never
> > > > > added to the 6.1.y tree.
> > > >
> > > > Oh, apologies for requesting if they don't apply. I'd be happy to submit
> > > > working backports for these patches, but I am not seeing any issues applying/building
> > > > the patches on my machine... Both patches in sequence applied directly and my
> > > > local build was successful.
> > > >
> > > > This is the workflow I tested:
> > > >
> > > > git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
> > > > git checkout FETCH_HEAD
> > > > git cherry-pick -x 8d037973d48c026224ab285e6a06985ccac6f7bf
> > > > git cherry-pick -x 0e15863015d97c1ee2cc29d599abcc7fa2dc3e95
> > > > make allyesconfig
> > > > make
> > > >
> > > > Please let me know if I've made a mistake with the above commands, or if these patches aren't applicable
> > > > for some other reason.
> > > >
> > >
> > > I guess the reason is:
> > >
> > > 8d037973d48c026224ab285e6a06985ccac6f7bf doesn't have "Fixes:" and is
> > > not sent to stable@vger.kernel.org.
> > > And 0e15863015d97c1ee2cc29d599abcc7fa2dc3e95 is to Fix
> > > 8d037973d48c026224ab285e6a06985ccac6f7bf,
> > > so no need of 0e158 if 8d03 not backported to that particular branch.
> >
> > Ok, so there's nothing to do here, great!  If there is, please let us
> > know.
> >
> 
> In my previous mail, I was guessing why 8d037973d48c commit was not
> backported to v6.1.
> 
> However Brennan's concern is:
> 
> As per CVE-2023-2176, because of improper cleanup local users can
> crash the system.
> And this crash was reported in v5.19, refer:
> https://lore.kernel.org/all/ec81a9d50462d9b9303966176b17b85f7dfbb96a.1670749660.git.leonro@nvidia.com/#t
> 
> However, fix i.e. 8d037973d48c applied to master from v6.3-rc1 and not
> backported to any stable or LTS.
> So v6.1 is still vulnarbile, so 8d037973d48c and 0e15863015d9 should
> be backported to v6.1.

Ah, thanks, sorry for the confusion.  Both now queued up.

greg k-h

next prev parent reply	other threads:[~2024-03-04  9:20 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-28  0:15 Backport fix for CVE-2023-2176 (8d037973 and 0e158630) to v6.1 Brennan Lamoreaux
2024-02-28  4:46 ` Greg KH
2024-02-28 18:41   ` Brennan Lamoreaux
2024-02-29  8:35     ` Ajay Kaher
2024-03-04  6:44       ` Greg KH
2024-03-04  8:51         ` Ajay Kaher
2024-03-04  9:20           ` Greg KH [this message]
2024-03-04  9:41             ` Ajay Kaher

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2024030417-linked-obsessed-7c98@gregkh \
    --to=gregkh@linuxfoundation.org \
    --cc=ajay.kaher@broadcom.com \
    --cc=alexey.makhalov@broadcom.com \
    --cc=brennan.lamoreaux@broadcom.com \
    --cc=phaddad@nvidia.com \
    --cc=shiraz.saleem@intel.com \
    --cc=stable@vger.kernel.org \
    --cc=vasavi.sirnapalli@broadcom.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.