lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181026084920.GB27852@localhost>
Date:   Fri, 26 Oct 2018 10:49:20 +0200
From:   Johan Hovold <johan@...nel.org>
To:     Sasha Levin <sashal@...nel.org>
Cc:     stable@...r.kernel.org, linux-kernel@...r.kernel.org,
        Bjørn Mork <bjorn@...k.no>,
        Johan Hovold <johan@...nel.org>
Subject: Re: [PATCH AUTOSEL 3.18 04/98] USB: qcserial: Fix support for HP
 lt4112 LTE/HSPA+ Gobi 4G Modem

On Thu, Oct 25, 2018 at 10:17:19AM -0400, Sasha Levin wrote:
> From: Bjørn Mork <bjorn@...k.no>
> 
> [ Upstream commit 59536da34513c594af2a6fd35ba65ea45b6960a1 ]
> 
> The DEVICE_HWI type was added under the faulty assumption that Huawei
> devices based on Qualcomm chipsets and firmware use the static USB
> interface numbering known from Gobi devices.  But this model does
> not apply to Huawei devices like the HP branded lt4112 (Huawei me906e).
> Huawei firmwares will dynamically assign interface numbers. Functions
> are renumbered when the firmware is reconfigured.
> 
> Fix by changing the DEVICE_HWI type to use a simplified version
> of Huawei's subclass + protocol scheme: Blacklisting known network
> interface combinations and assuming the rest are serial.
> 
> Reported-and-tested-by: Muri Nicanor <muri+libqmi@...erda.ch>
> Tested-by: Martin Hauke <mardnh@....de>
> Cc: <stable@...r.kernel.org>
> Fixes: e7181d005e84 ("USB: qcserial: Add support for HP lt4112 LTE/HSPA+ Gobi 4G Modem")
> Signed-off-by: Bjørn Mork <bjorn@...k.no>
> Signed-off-by: Johan Hovold <johan@...nel.org>
> Signed-off-by: Sasha Levin <sashal@...nel.org>

This one is interesting though; it was marked for stable and has a
proper fixes tag for a commit that went into 4.19. That patch in turn
had a stable tag (new device id type patch) and was backported also to
other active stable trees at the time.

Guess the stable maintainers need to check if the offending patch has
already been backported when determining how far back to apply a follow
up fix.

Note that the stable tag above lacks a version comment (e.g. "# 4.19"),
but I can see how that may be too subtle to convey this (and not all
maintainers use those). Perhaps an explicit comment should just be added
in such cases.

Thanks,
Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ