* [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops @ 2017-09-08 16:06 grygorii tertychnyi 2017-09-08 16:27 ` Greg KH 2017-09-08 16:57 ` Takashi Iwai 0 siblings, 2 replies; 8+ messages in thread From: grygorii tertychnyi @ 2017-09-08 16:06 UTC (permalink / raw) To: gregkh Cc: tiwai, xe-linux-external, linux-kernel, alsa-devel, grygorii tertychnyi Hi Greg, Could you please apply it for 4.4-stable. This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985 Takashi Iwai (1): ALSA: msnd: Optimize / harden DSP and MIDI loops sound/isa/msnd/msnd_midi.c | 30 +++++++++++++++--------------- sound/isa/msnd/msnd_pinnacle.c | 23 ++++++++++++----------- 2 files changed, 27 insertions(+), 26 deletions(-) -- 2.10.3.dirty ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops 2017-09-08 16:06 [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops grygorii tertychnyi @ 2017-09-08 16:27 ` Greg KH 2017-09-08 16:57 ` Takashi Iwai 1 sibling, 0 replies; 8+ messages in thread From: Greg KH @ 2017-09-08 16:27 UTC (permalink / raw) To: grygorii tertychnyi; +Cc: tiwai, xe-linux-external, linux-kernel, alsa-devel On Fri, Sep 08, 2017 at 09:06:25AM -0700, grygorii tertychnyi wrote: > Hi Greg, > > Could you please apply it for 4.4-stable. > This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985 Why just 4.4? What about 4.12, 4.9, and any others? thanks, greg k-h ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops 2017-09-08 16:06 [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops grygorii tertychnyi 2017-09-08 16:27 ` Greg KH @ 2017-09-08 16:57 ` Takashi Iwai 2017-09-08 17:47 ` Grygorii Tertychnyi (gtertych) 2017-09-08 19:10 ` Greg KH 1 sibling, 2 replies; 8+ messages in thread From: Takashi Iwai @ 2017-09-08 16:57 UTC (permalink / raw) To: grygorii tertychnyi; +Cc: gregkh, xe-linux-external, linux-kernel, alsa-devel On Fri, 08 Sep 2017 18:06:25 +0200, grygorii tertychnyi wrote: > > Hi Greg, > > Could you please apply it for 4.4-stable. > This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985 This vulnerability is just non-issue. You can't get it working practically; it requires a modified hardware of the decade old ISA sound card, and yet the system has to load / set up the module beforehand. We should withdraw it from CVE, IMO. thanks, Takashi > > Takashi Iwai (1): > ALSA: msnd: Optimize / harden DSP and MIDI loops > > sound/isa/msnd/msnd_midi.c | 30 +++++++++++++++--------------- > sound/isa/msnd/msnd_pinnacle.c | 23 ++++++++++++----------- > 2 files changed, 27 insertions(+), 26 deletions(-) > > -- > 2.10.3.dirty > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops 2017-09-08 16:57 ` Takashi Iwai @ 2017-09-08 17:47 ` Grygorii Tertychnyi (gtertych) 2017-09-12 7:17 ` [alsa-devel] " Takashi Iwai 2017-09-08 19:10 ` Greg KH 1 sibling, 1 reply; 8+ messages in thread From: Grygorii Tertychnyi (gtertych) @ 2017-09-08 17:47 UTC (permalink / raw) To: Takashi Iwai, gregkh@linuxfoundation.org Cc: xe-linux-external(mailer list), linux-kernel@vger.kernel.org, alsa-devel@alsa-project.org >> Hi Greg, >> >> Could you please apply it for 4.4-stable. >> This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985 > > This vulnerability is just non-issue. You can't get it working > practically; it requires a modified hardware of the decade old ISA > sound card, and yet the system has to load / set up the module > beforehand. We should withdraw it from CVE, IMO. I think it is worth having it in 4.4, 4.9 and 4.12 also. >> >> Takashi Iwai (1): >> ALSA: msnd: Optimize / harden DSP and MIDI loops >> >> sound/isa/msnd/msnd_midi.c | 30 +++++++++++++++--------------- >> sound/isa/msnd/msnd_pinnacle.c | 23 ++++++++++++----------- >> 2 files changed, 27 insertions(+), 26 deletions(-) >> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [alsa-devel] [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops 2017-09-08 17:47 ` Grygorii Tertychnyi (gtertych) @ 2017-09-12 7:17 ` Takashi Iwai 2017-09-12 12:34 ` gregkh 0 siblings, 1 reply; 8+ messages in thread From: Takashi Iwai @ 2017-09-12 7:17 UTC (permalink / raw) To: Grygorii Tertychnyi (gtertych) Cc: gregkh@linuxfoundation.org, alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org, xe-linux-external(mailer list) On Fri, 08 Sep 2017 19:47:32 +0200, Grygorii Tertychnyi (gtertych) wrote: > > > >> Hi Greg, > >> > >> Could you please apply it for 4.4-stable. > >> This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985 > > > > This vulnerability is just non-issue. You can't get it working > > practically; it requires a modified hardware of the decade old ISA > > sound card, and yet the system has to load / set up the module > > beforehand. We should withdraw it from CVE, IMO. > > I think it is worth having it in 4.4, 4.9 and 4.12 also. ... even though the code has never been tested on the real hardware? That doesn't sound good for stable kernels at all. That's why I didn't put Cc to stable in the patch. Takashi ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [alsa-devel] [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops 2017-09-12 7:17 ` [alsa-devel] " Takashi Iwai @ 2017-09-12 12:34 ` gregkh 2017-09-12 12:38 ` Takashi Iwai 0 siblings, 1 reply; 8+ messages in thread From: gregkh @ 2017-09-12 12:34 UTC (permalink / raw) To: Takashi Iwai Cc: Grygorii Tertychnyi (gtertych), alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org, xe-linux-external(mailer list) On Tue, Sep 12, 2017 at 09:17:38AM +0200, Takashi Iwai wrote: > On Fri, 08 Sep 2017 19:47:32 +0200, > Grygorii Tertychnyi (gtertych) wrote: > > > > > > >> Hi Greg, > > >> > > >> Could you please apply it for 4.4-stable. > > >> This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985 > > > > > > This vulnerability is just non-issue. You can't get it working > > > practically; it requires a modified hardware of the decade old ISA > > > sound card, and yet the system has to load / set up the module > > > beforehand. We should withdraw it from CVE, IMO. > > > > I think it is worth having it in 4.4, 4.9 and 4.12 also. > > ... even though the code has never been tested on the real hardware? > That doesn't sound good for stable kernels at all. That's why I > didn't put Cc to stable in the patch. Oh, I didn't know that, want me to drop the patch from the stable queues now? thanks, greg k-h ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [alsa-devel] [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops 2017-09-12 12:34 ` gregkh @ 2017-09-12 12:38 ` Takashi Iwai 0 siblings, 0 replies; 8+ messages in thread From: Takashi Iwai @ 2017-09-12 12:38 UTC (permalink / raw) To: gregkh@linuxfoundation.org Cc: Grygorii Tertychnyi (gtertych), alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org, xe-linux-external(mailer list) On Tue, 12 Sep 2017 14:34:18 +0200, gregkh@linuxfoundation.org wrote: > > On Tue, Sep 12, 2017 at 09:17:38AM +0200, Takashi Iwai wrote: > > On Fri, 08 Sep 2017 19:47:32 +0200, > > Grygorii Tertychnyi (gtertych) wrote: > > > > > > > > > >> Hi Greg, > > > >> > > > >> Could you please apply it for 4.4-stable. > > > >> This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985 > > > > > > > > This vulnerability is just non-issue. You can't get it working > > > > practically; it requires a modified hardware of the decade old ISA > > > > sound card, and yet the system has to load / set up the module > > > > beforehand. We should withdraw it from CVE, IMO. > > > > > > I think it is worth having it in 4.4, 4.9 and 4.12 also. > > > > ... even though the code has never been tested on the real hardware? > > That doesn't sound good for stable kernels at all. That's why I > > didn't put Cc to stable in the patch. > > Oh, I didn't know that, want me to drop the patch from the stable queues > now? Honestly, I don't mind. The patch should work, and even if it doesn't, it would be harmless as no one can see the breakage in practice :) It's just ridiculous that people urge such commit for stable kernels even though they never tested / care the real cases but only look at the CVE entry. thanks, Takashi ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops 2017-09-08 16:57 ` Takashi Iwai 2017-09-08 17:47 ` Grygorii Tertychnyi (gtertych) @ 2017-09-08 19:10 ` Greg KH 1 sibling, 0 replies; 8+ messages in thread From: Greg KH @ 2017-09-08 19:10 UTC (permalink / raw) To: Takashi Iwai Cc: grygorii tertychnyi, xe-linux-external, linux-kernel, alsa-devel On Fri, Sep 08, 2017 at 06:57:57PM +0200, Takashi Iwai wrote: > On Fri, 08 Sep 2017 18:06:25 +0200, > grygorii tertychnyi wrote: > > > > Hi Greg, > > > > Could you please apply it for 4.4-stable. > > This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985 > > This vulnerability is just non-issue. You can't get it working > practically; it requires a modified hardware of the decade old ISA > sound card, and yet the system has to load / set up the module > beforehand. We should withdraw it from CVE, IMO. Hah, good luck trying to get a CVE withdrawn, people seem to love the foolish things... ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-09-12 12:38 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-09-08 16:06 [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops grygorii tertychnyi 2017-09-08 16:27 ` Greg KH 2017-09-08 16:57 ` Takashi Iwai 2017-09-08 17:47 ` Grygorii Tertychnyi (gtertych) 2017-09-12 7:17 ` [alsa-devel] " Takashi Iwai 2017-09-12 12:34 ` gregkh 2017-09-12 12:38 ` Takashi Iwai 2017-09-08 19:10 ` Greg KH
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox