From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Finn Thain <fthain@linux-m68k.org>
Cc: Ben Hutchings <benh@debian.org>, Sasha Levin <sashal@kernel.org>,
stable <stable@vger.kernel.org>, Arnd Bergmann <arnd@arndb.de>,
linux-scsi <linux-scsi@vger.kernel.org>,
security@kernel.org
Subject: Re: dpt_i2o fixes for stable
Date: Sun, 28 May 2023 12:28:42 +0100 [thread overview]
Message-ID: <2023052800-tux-defraud-374d@gregkh> (raw)
In-Reply-To: <98021ba4-a6cd-69aa-393f-37b2ddab5587@linux-m68k.org>
On Sun, May 28, 2023 at 07:58:11PM +1000, Finn Thain wrote:
> On Sun, 28 May 2023, Greg Kroah-Hartman wrote:
>
> > On Sat, May 27, 2023 at 10:42:00PM +0200, Ben Hutchings wrote:
> > > I'm proposing to address the most obvious issues with dpt_i2o on stable
> > > branches. At this stage it may be better to remove it as has been done
> > > upstream, but I'd rather limit the regression for anyone still using
> > > the hardware.
> > >
> > > The changes are:
> > >
> > > - "scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)",
> > > which closes security flaws including CVE-2023-2007.
> > > - "scsi: dpt_i2o: Do not process completions with invalid addresses",
> > > which removes the remaining bus_to_virt() call and may slightly
> > > improve handling of misbehaving hardware.
> > >
> > > These changes have been compiled on all the relevant stable branches,
> > > but I don't have hardware to test on.
> >
> > Why don't we just delete it in the stable trees as well? If no one has
> > the hardware (otherwise the driver would not have been removed), who is
> > going to hit these issues anyway?
> >
>
> It's already gone from two stable trees. Would you also have it deleted
> from users' machines, or would you have each distro separately maintain
> out-of-tree that code which it is presently shipping, or something else?
Delete it as obviously no one actually has this hardware. Or just leave
it alone, as obviously no one has this hardware so any changes made to
the code would not actually affect anyone.
Or am I missing something here?
thanks,
greg k-h
next prev parent reply other threads:[~2023-05-28 11:34 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-27 20:42 dpt_i2o fixes for stable Ben Hutchings
2023-05-28 7:02 ` Greg Kroah-Hartman
2023-05-28 9:58 ` Finn Thain
2023-05-28 11:28 ` Greg Kroah-Hartman [this message]
2023-05-29 0:06 ` Finn Thain
2023-05-28 12:40 ` Ben Hutchings
2023-05-28 13:59 ` Greg Kroah-Hartman
2023-05-29 0:29 ` Finn Thain
2023-06-07 18:00 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2023052800-tux-defraud-374d@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=arnd@arndb.de \
--cc=benh@debian.org \
--cc=fthain@linux-m68k.org \
--cc=linux-scsi@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=security@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox