From: Takashi Iwai <tiwai@suse.de>
To: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>
Cc: "Grygorii Tertychnyi (gtertych)" <gtertych@cisco.com>,
"xe-linux-external(mailer list)" <xe-linux-external@cisco.com>,
"alsa-devel@alsa-project.org" <alsa-devel@alsa-project.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops
Date: Tue, 12 Sep 2017 14:38:14 +0200 [thread overview]
Message-ID: <s5hefrcccsp.wl-tiwai@suse.de> (raw)
In-Reply-To: <20170912123418.GB19179@kroah.com>
On Tue, 12 Sep 2017 14:34:18 +0200,
gregkh@linuxfoundation.org wrote:
>
> On Tue, Sep 12, 2017 at 09:17:38AM +0200, Takashi Iwai wrote:
> > On Fri, 08 Sep 2017 19:47:32 +0200,
> > Grygorii Tertychnyi (gtertych) wrote:
> > >
> > >
> > > >> Hi Greg,
> > > >>
> > > >> Could you please apply it for 4.4-stable.
> > > >> This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985
> > > >
> > > > This vulnerability is just non-issue. You can't get it working
> > > > practically; it requires a modified hardware of the decade old ISA
> > > > sound card, and yet the system has to load / set up the module
> > > > beforehand. We should withdraw it from CVE, IMO.
> > >
> > > I think it is worth having it in 4.4, 4.9 and 4.12 also.
> >
> > ... even though the code has never been tested on the real hardware?
> > That doesn't sound good for stable kernels at all. That's why I
> > didn't put Cc to stable in the patch.
>
> Oh, I didn't know that, want me to drop the patch from the stable queues
> now?
Honestly, I don't mind. The patch should work, and even if it
doesn't, it would be harmless as no one can see the breakage in
practice :)
It's just ridiculous that people urge such commit for stable kernels
even though they never tested / care the real cases but only look at
the CVE entry.
thanks,
Takashi
WARNING: multiple messages have this Message-ID (diff)
From: Takashi Iwai <tiwai@suse.de>
To: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>
Cc: "Grygorii Tertychnyi (gtertych)" <gtertych@cisco.com>,
"alsa-devel@alsa-project.org" <alsa-devel@alsa-project.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"xe-linux-external(mailer list)" <xe-linux-external@cisco.com>
Subject: Re: [alsa-devel] [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops
Date: Tue, 12 Sep 2017 14:38:14 +0200 [thread overview]
Message-ID: <s5hefrcccsp.wl-tiwai@suse.de> (raw)
In-Reply-To: <20170912123418.GB19179@kroah.com>
On Tue, 12 Sep 2017 14:34:18 +0200,
gregkh@linuxfoundation.org wrote:
>
> On Tue, Sep 12, 2017 at 09:17:38AM +0200, Takashi Iwai wrote:
> > On Fri, 08 Sep 2017 19:47:32 +0200,
> > Grygorii Tertychnyi (gtertych) wrote:
> > >
> > >
> > > >> Hi Greg,
> > > >>
> > > >> Could you please apply it for 4.4-stable.
> > > >> This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985
> > > >
> > > > This vulnerability is just non-issue. You can't get it working
> > > > practically; it requires a modified hardware of the decade old ISA
> > > > sound card, and yet the system has to load / set up the module
> > > > beforehand. We should withdraw it from CVE, IMO.
> > >
> > > I think it is worth having it in 4.4, 4.9 and 4.12 also.
> >
> > ... even though the code has never been tested on the real hardware?
> > That doesn't sound good for stable kernels at all. That's why I
> > didn't put Cc to stable in the patch.
>
> Oh, I didn't know that, want me to drop the patch from the stable queues
> now?
Honestly, I don't mind. The patch should work, and even if it
doesn't, it would be harmless as no one can see the breakage in
practice :)
It's just ridiculous that people urge such commit for stable kernels
even though they never tested / care the real cases but only look at
the CVE entry.
thanks,
Takashi
next prev parent reply other threads:[~2017-09-12 12:38 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-08 16:06 [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops grygorii tertychnyi
2017-09-08 16:27 ` Greg KH
2017-09-08 16:57 ` Takashi Iwai
2017-09-08 17:47 ` Grygorii Tertychnyi (gtertych)
2017-09-12 7:17 ` [alsa-devel] " Takashi Iwai
2017-09-12 12:34 ` gregkh
2017-09-12 12:38 ` Takashi Iwai [this message]
2017-09-12 12:38 ` Takashi Iwai
2017-09-08 19:10 ` Greg KH
2017-09-08 19:10 ` Greg KH
-- strict thread matches above, loose matches on Subject: below --
2017-09-08 16:06 grygorii tertychnyi
2017-07-06 15:43 Takashi Iwai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=s5hefrcccsp.wl-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=alsa-devel@alsa-project.org \
--cc=gregkh@linuxfoundation.org \
--cc=gtertych@cisco.com \
--cc=linux-kernel@vger.kernel.org \
--cc=xe-linux-external@cisco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.