Re: [PATCH 5.4 0/3] usb: hso: backport CVE-2021-37159 fix

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Salvatore Bonaccorso <carnil@debian.org>
To: Ovidiu Panait <ovidiu.panait@windriver.com>
Cc: Sasha Levin <sashal@kernel.org>, stable@vger.kernel.org, greg@kroah.com
Subject: Re: [PATCH 5.4 0/3] usb: hso: backport CVE-2021-37159 fix
Date: Sat, 2 Oct 2021 20:51:07 +0200	[thread overview]
Message-ID: <YViqG5Yun6N7bhVl@eldamar.lan> (raw)
In-Reply-To: <18e2816e-cf21-27c2-afc6-bc46fcebde88@windriver.com>

Hi,

On Sat, Oct 02, 2021 at 03:36:21PM +0300, Ovidiu Panait wrote:
> Hi Sasha,
> 
> On 10/1/21 7:55 PM, Sasha Levin wrote:
> > [Please note: This e-mail is from an EXTERNAL e-mail address]
> > 
> > On Wed, Sep 29, 2021 at 11:03:19AM +0300, Ovidiu Panait wrote:
> > > Hi Salvatore,
> > > 
> > > On 9/28/21 10:29 PM, Salvatore Bonaccorso wrote:
> > > > [Please note: This e-mail is from an EXTERNAL e-mail address]
> > > > 
> > > > Hi Ovidiu
> > > > 
> > > > On Tue, Sep 28, 2021 at 04:15:20PM +0300, Ovidiu Panait wrote:
> > > > > All 3 upstream commits apply cleanly:
> > > > >    * 5fcfb6d0bfcd ("hso: fix bailout in error case of
> > > > > probe") is a support
> > > > >      patch needed for context
> > > > >    * a6ecfb39ba9d ("usb: hso: fix error handling code of
> > > > > hso_create_net_device")
> > > > >      is the actual fix
> > > > >    * dcb713d53e2e ("usb: hso: remove the bailout parameter")
> > > > > is a follow up
> > > > >      cleanup commit
> > > > > 
> > > > > Dongliang Mu (2):
> > > > >   usb: hso: fix error handling code of hso_create_net_device
> > > > >   usb: hso: remove the bailout parameter
> > > > > 
> > > > > Oliver Neukum (1):
> > > > >   hso: fix bailout in error case of probe
> > > > > 
> > > > >  drivers/net/usb/hso.c | 33 +++++++++++++++++++++++----------
> > > > >  1 file changed, 23 insertions(+), 10 deletions(-)
> > > > Noticing you sent this patch series for 4.14, 4.19 and 5.4 but am I
> > > > right that the last commit dcb713d53e2e ("usb: hso: remove the bailout
> > > > parameter") as cleanup commit should ideally as well be applied to
> > > > 5.10.y and 5.14.y?
> > > > 
> > > > Whilst it's probably not strictly needed it would otherwise leave the
> > > > upper 5.10.y and 5.14.y inconsistent with those where these series are
> > > > applied.
> > > 
> > > You're right, I have sent the cleanup patch for 5.10/5.14 integration
> > > as well:
> > > 
> > > https://lore.kernel.org/stable/20210929075940.1961832-1-ovidiu.panait@windriver.com/T/#t
> > > 
> > 
> > Why do we need that cleanup commit in <=5.4 to begin with? Does it
> > actually fix anything?
> > 
> The cleanup patch was part of the same patchset with a6ecfb39ba9d ("usb:
> hso: fix error handling code of hso_create_net_device") fix .
> 
> 
> I think it can be dropped, as it doesn't seem to fix anything. Can only the
> first two commits be cherry-picked for <=5.4, or should I resend?

Probably the right thing to do, Sasha and Ovidiu. Picking it would
have the small advantage of future commits to backport which would
conflict around the changed lines.

But I have no voice on that matter, I was really only going thorugh
some stable commits backports request covering CVEs and noticed the
submission and it's discrepancy.

For Debian I have for now picked all three commits on top of 4.19.208.

Regards,
Salvatore

next prev parent reply	other threads:[~2021-10-02 18:51 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-28 13:15 [PATCH 5.4 0/3] usb: hso: backport CVE-2021-37159 fix Ovidiu Panait
2021-09-28 13:15 ` [PATCH 5.4 1/3] hso: fix bailout in error case of probe Ovidiu Panait
2021-09-28 13:15 ` [PATCH 5.4 2/3] usb: hso: fix error handling code of hso_create_net_device Ovidiu Panait
2021-09-28 13:15 ` [PATCH 5.4 3/3] usb: hso: remove the bailout parameter Ovidiu Panait
2021-09-28 19:29 ` [PATCH 5.4 0/3] usb: hso: backport CVE-2021-37159 fix Salvatore Bonaccorso
2021-09-29  8:03   ` Ovidiu Panait
2021-10-01 16:55     ` Sasha Levin
2021-10-02 12:36       ` Ovidiu Panait
2021-10-02 18:51         ` Salvatore Bonaccorso [this message]
2021-10-04 11:15 ` Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YViqG5Yun6N7bhVl@eldamar.lan \
    --to=carnil@debian.org \
    --cc=greg@kroah.com \
    --cc=ovidiu.panait@windriver.com \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.