From: Jens Axboe <axboe@kernel.dk>
To: Dan Carpenter <dan.carpenter@linaro.org>
Cc: Vegard Nossum <vegard.nossum@oracle.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, pavel@denx.de, cengiz.can@canonical.com,
mheyne@amazon.de, mngyadam@amazon.com, kuntal.nayak@broadcom.com,
ajay.kaher@broadcom.com, zsm@chromium.org,
shivani.agarwal@broadcom.com, ahalaney@redhat.com,
alsi@bang-olufsen.dk, ardb@kernel.org,
benjamin.gaignard@collabora.com, bli@bang-olufsen.dk,
chengzhihao1@huawei.com, christophe.jaillet@wanadoo.fr,
ebiggers@kernel.org, edumazet@google.com,
fancer.lancer@gmail.com, florian.fainelli@broadcom.com,
harshit.m.mogalapalli@oracle.com, hdegoede@redhat.com,
horms@kernel.org, hverkuil-cisco@xs4all.nl,
ilpo.jarvinen@linux.intel.com, jgg@nvidia.com,
kevin.tian@intel.com, kirill.shutemov@linux.intel.com,
kuba@kernel.org, luiz.von.dentz@intel.com,
md.iqbal.hossain@intel.com, mpearson-lenovo@squebb.ca,
nicolinc@nvidia.com, pablo@netfilter.org, rfoss@kernel.org,
richard@nod.at, tfiga@chromium.org, vladimir.oltean@nxp.com,
xiaolei.wang@windriver.com, yanjun.zhu@linux.dev,
yi.zhang@redhat.com, yu.c.chen@intel.com, yukuai3@huawei.com
Subject: Re: [PATCH RFC 6.6.y 00/15] Some missing CVE fixes
Date: Wed, 2 Oct 2024 09:54:23 -0600 [thread overview]
Message-ID: <5af60c25-f917-437f-b918-fedaebbc8c68@kernel.dk> (raw)
In-Reply-To: <0c664087-e9af-4744-ac81-1839ea6b4051@stanley.mountain>
On 10/2/24 9:50 AM, Dan Carpenter wrote:
> On Wed, Oct 02, 2024 at 09:26:46AM -0600, Jens Axboe wrote:
>> On 10/2/24 9:05 AM, Vegard Nossum wrote:
>>> Christophe JAILLET (1):
>>> null_blk: Remove usage of the deprecated ida_simple_xx() API
>
> It makes cherry-picking the next commit slightly easier. There is still some
> conflict resolution necessary so it doesn't help very much. Could we annotate
> these with a Stable-dep-of: tag otherwise we get a lot of questions like this.
>
> Also when we backport patches from 6.6.y to 6.1.y then we can drop any
> unnecessary Stable-dep-of patches.
>
>>>
>>> Yu Kuai (1):
>>> null_blk: fix null-ptr-dereference while configuring 'power' and
>>> 'submit_queues'
>>
>> I don't see how either of these are CVEs? Obviously not a problem to
>> backport either of them to stable, but I wonder what the reasoning for
>> that is. IOW, feels like those CVEs are bogus, which I guess is hardly
>> surprising :-)
>
> The definition of CVE includes NULL dereferences so that's automatic.
Sure, I'm not a total idiot, even if it may seem like it. But this one
requires root - both to load the driver, and to trigger it after it
being loaded. It's not a non-root user triggerable oops. And maybe
that's fine and that's still a CVE, at least we're not doing scores
here...
--
Jens Axboe
next prev parent reply other threads:[~2024-10-02 15:54 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-02 15:05 [PATCH RFC 6.6.y 00/15] Some missing CVE fixes Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 01/15] ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Vegard Nossum
2024-10-02 16:26 ` Dan Carpenter
2024-10-02 16:29 ` Dan Carpenter
2024-10-05 0:45 ` Sasha Levin
2024-10-02 15:05 ` [PATCH RFC 6.6.y 02/15] media: usbtv: Remove useless locks in usbtv_video_free() Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 03/15] Bluetooth: hci_sock: Fix not validating setsockopt user input Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 04/15] Bluetooth: ISO: " Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 05/15] Bluetooth: L2CAP: " Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 06/15] netfilter: nf_tables: fix memleak in map from abort path Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 07/15] netfilter: nf_tables: restore set elements when delete set fails Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 08/15] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Vegard Nossum
2024-10-02 15:06 ` [PATCH RFC 6.6.y 09/15] iommufd: Fix protection fault in iommufd_test_syz_conv_iova Vegard Nossum
2024-10-02 15:16 ` Jason Gunthorpe
2024-10-02 15:06 ` [PATCH RFC 6.6.y 10/15] drm/bridge: adv7511: fix crash on irq during probe Vegard Nossum
2024-10-02 15:12 ` [PATCH RFC 6.6.y 11/15] efi/unaccepted: touch soft lockup during memory accept Vegard Nossum
2024-10-02 15:12 ` [PATCH RFC 6.6.y 12/15] platform/x86: think-lmi: Fix password opcode ordering for workstations Vegard Nossum
2024-10-04 1:00 ` Mark Pearson
2024-10-02 15:12 ` [PATCH RFC 6.6.y 13/15] null_blk: Remove usage of the deprecated ida_simple_xx() API Vegard Nossum
2024-10-02 15:12 ` [PATCH RFC 6.6.y 14/15] null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Vegard Nossum
2024-10-02 15:12 ` [PATCH RFC 6.6.y 15/15] net: stmmac: move the EST lock to struct stmmac_priv Vegard Nossum
2024-10-02 15:26 ` [PATCH RFC 6.6.y 00/15] Some missing CVE fixes Jens Axboe
2024-10-02 15:46 ` Vegard Nossum
2024-10-02 15:49 ` Jens Axboe
2024-10-08 11:19 ` Pavel Machek
2024-10-08 11:24 ` Greg Kroah-Hartman
2024-10-08 11:40 ` Pavel Machek
2024-10-08 11:51 ` Greg Kroah-Hartman
2024-10-02 15:50 ` Dan Carpenter
2024-10-02 15:54 ` Jens Axboe [this message]
2024-10-08 11:16 ` Pavel Machek
2024-10-08 11:24 ` Greg Kroah-Hartman
2024-10-08 11:35 ` Pavel Machek
2024-10-08 11:44 ` Greg Kroah-Hartman
2024-10-08 11:56 ` Christian Heusel
2024-10-08 12:33 ` Pavel Machek
2024-10-08 13:02 ` Greg Kroah-Hartman
2024-10-02 19:43 ` Pablo Neira Ayuso
2024-10-08 10:32 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5af60c25-f917-437f-b918-fedaebbc8c68@kernel.dk \
--to=axboe@kernel.dk \
--cc=ahalaney@redhat.com \
--cc=ajay.kaher@broadcom.com \
--cc=alsi@bang-olufsen.dk \
--cc=ardb@kernel.org \
--cc=benjamin.gaignard@collabora.com \
--cc=bli@bang-olufsen.dk \
--cc=cengiz.can@canonical.com \
--cc=chengzhihao1@huawei.com \
--cc=christophe.jaillet@wanadoo.fr \
--cc=dan.carpenter@linaro.org \
--cc=ebiggers@kernel.org \
--cc=edumazet@google.com \
--cc=fancer.lancer@gmail.com \
--cc=florian.fainelli@broadcom.com \
--cc=gregkh@linuxfoundation.org \
--cc=harshit.m.mogalapalli@oracle.com \
--cc=hdegoede@redhat.com \
--cc=horms@kernel.org \
--cc=hverkuil-cisco@xs4all.nl \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=jgg@nvidia.com \
--cc=kevin.tian@intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kuba@kernel.org \
--cc=kuntal.nayak@broadcom.com \
--cc=luiz.von.dentz@intel.com \
--cc=md.iqbal.hossain@intel.com \
--cc=mheyne@amazon.de \
--cc=mngyadam@amazon.com \
--cc=mpearson-lenovo@squebb.ca \
--cc=nicolinc@nvidia.com \
--cc=pablo@netfilter.org \
--cc=pavel@denx.de \
--cc=rfoss@kernel.org \
--cc=richard@nod.at \
--cc=shivani.agarwal@broadcom.com \
--cc=stable@vger.kernel.org \
--cc=tfiga@chromium.org \
--cc=vegard.nossum@oracle.com \
--cc=vladimir.oltean@nxp.com \
--cc=xiaolei.wang@windriver.com \
--cc=yanjun.zhu@linux.dev \
--cc=yi.zhang@redhat.com \
--cc=yu.c.chen@intel.com \
--cc=yukuai3@huawei.com \
--cc=zsm@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).