lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 19 May 2017 08:50:33 +0200
From:   Arnd Bergmann <arnd@...db.de>
To:     Kalle Valo <kvalo@...eaurora.org>
Cc:     linux-wireless <linux-wireless@...r.kernel.org>,
        Stanislaw Gruszka <sgruszka@...hat.com>,
        David Miller <davem@...emloft.net>,
        Helmut Schaa <helmut.schaa@...glemail.com>,
        Daniel Golle <daniel@...rotopia.org>,
        Mathias Kresin <dev@...sin.me>,
        Johannes Berg <johannes.berg@...el.com>,
        Serge Vasilugin <vasilugin@...dex.ru>,
        Roman Yeryomin <roman@...em.lv>,
        Networking <netdev@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Jes Sorensen <jes.sorensen@...il.com>,
        Tom Psyborg <pozega.tomislav@...il.com>
Subject: Re: [PATCH v2 00/10] rt2x00: rt2x00: improve calling conventions for
 register accessors

On Fri, May 19, 2017 at 7:18 AM, Kalle Valo <kvalo@...eaurora.org> wrote:
> Arnd Bergmann <arnd@...db.de> writes:
>
>> I've managed to split up my long patch into a series of reasonble
>> steps now.
>>
>> The first two are required to fix a regression from commit 41977e86c984
>> ("rt2x00: add support for MT7620"), the rest are just cleanups to
>> have a consistent state across all the register access functions.
>
> Can these all go to 4.13 or would you prefer me to push the first two
> 4.12? Or what?

I think you can reasonably argue either way: the second patch does
fix a real bug that may or may not lead to an exploitable stack overflow
when CONFIG_KASAN is enabled, which would be a reason to put it
into 4.12. On the other hand, I have another 20 patches for similar
(or worse) stack overflow issues with KASAN that I'm hoping to all
get into 4.13 and backported into stable kernel later if necessary,
so we could treat this one like the others.

The only difference between this and the others is that in rt2x00 it
is a regression against 4.11, while the others have all been present
for a long time.

      Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ