From mboxrd@z Thu Jan 1 00:00:00 1970
From: Takashi Iwai
Subject: Re: [patch] [ALSA] sb16 - info leak in snd_sb_csp_ioctl()
Date: Thu, 07 Nov 2013 10:17:01 +0100
References: <20131107080954.GS21844@elgon.mountain> <20131107090947.GS26669@mwanda>
Mime-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
In-Reply-To: <20131107090947.GS26669@mwanda>
Sender: kernel-janitors-owner@vger.kernel.org
To: Dan Carpenter
Cc: Jaroslav Kysela, alsa-devel@alsa-project.org, kernel-janitors@vger.kernel.org
List-Id: alsa-devel@alsa-project.org

At Thu, 7 Nov 2013 12:09:47 +0300,
Dan Carpenter wrote:
>
> On Thu, Nov 07, 2013 at 09:48:08AM +0100, Takashi Iwai wrote:
> > At Thu, 7 Nov 2013 11:09:54 +0300,
> > Dan Carpenter wrote:
> > >
> > > There is a 2 byte hole after "info.func_nr" so we could leak uninitialized
> > > stack information to userspace.
> > >
> > > Fixes: 1da177e4c3f4 ('Linux-2.6.12-rc2')
> >
> > Does this help at all?  It means that the bug has been there even
> > before moving to git.  I think it's better to be removed to avoid
> > confusion.
>
> I think if you are back porting it then you know it goes back all the
> way.  That seems useful.

Yeah, I understand the usefulness of the tag.  But my understanding is
that this is used for pointing to a regression point.  However, in this
particular case, the commit you pointed to there isn't the actual commit
introducing the bug.  It's the genesis commit containing everything.

> The Fixes tag is still new so it's not totally clear what the rules are.
> I don't have strong feelings about this either way.

OK, then let me drop that tag in this case.

thanks,

Takashi
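
The padding hole discussed in the thread can be reproduced in userspace. The following is an added example, not code from the thread or from the kernel: `struct demo_info`, `POISON` and the function names are hypothetical, and it assumes a typical ABI where `unsigned short` is 2 bytes and `unsigned int` is 4-byte aligned. It compares filling the members only with zeroing the whole struct first, a common way to close such a hole.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout for illustration; not copied from the ALSA headers. */
struct demo_info {
    char name[16];
    unsigned short func_nr;   /* followed by padding up to acc_format */
    unsigned int acc_format;
};

/* Raw view of the same storage: the bytes a copy_to_user() would send. */
union slot {
    struct demo_info info;
    unsigned char raw[sizeof(struct demo_info)];
};

#define POISON 0xAA  /* constructed stand-in for stale stack contents */
#define HOLE_START (offsetof(struct demo_info, func_nr) + sizeof(unsigned short))
#define HOLE_END   offsetof(struct demo_info, acc_format)

/* Size of the compiler-inserted gap after func_nr. */
size_t hole_size(void) { return HOLE_END - HOLE_START; }

/* Assign every named member; the padding is never written here. */
static void fill_fields(struct demo_info *info)
{
    static const char name[16] = "demo";
    memcpy(info->name, name, sizeof(info->name));
    info->func_nr = 1;
    info->acc_format = 2;
}

/* Returns how many hole bytes still carry stale data after filling. */
size_t stale_bytes_after_fill(int zero_first)
{
    union slot s;
    size_t i, stale = 0;

    memset(s.raw, POISON, sizeof(s.raw));
    if (zero_first)
        memset(&s.info, 0, sizeof(s.info));  /* clears members and holes */
    fill_fields(&s.info);
    for (i = HOLE_START; i < HOLE_END; i++)
        stale += (s.raw[i] == POISON);
    return stale;
}

int main(void)
{
    printf("hole: %zu bytes\n", hole_size());
    printf("stale without memset: %zu\n", stale_bytes_after_fill(0));
    printf("stale with memset:    %zu\n", stale_bytes_after_fill(1));
    return 0;
}
```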