lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 3 Feb 2019 11:53:23 +0100
From:   Johan Hovold <johan@...nel.org>
To:     Myungho Jung <mhjungk@...il.com>
Cc:     Johan Hovold <johan@...nel.org>,
        Marcel Holtmann <marcel@...tmann.org>,
        Johan Hedberg <johan.hedberg@...il.com>,
        linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] Bluetooth: Add NULL check for tiocmget() and
 tiocmset()

On Sat, Feb 02, 2019 at 10:38:24PM -0800, Myungho Jung wrote:
> On Thu, Jan 31, 2019 at 04:40:00PM +0100, Johan Hovold wrote:
> > On Tue, Jan 29, 2019 at 09:39:28PM -0800, Myungho Jung wrote:
> > > tiocmget() and tiocmset() operations are optional and some tty drivers
> > > like pty miss the operations. We need NULL check to prevent from
> > > dereference.
> > > 
> > > Signed-off-by: Myungho Jung <mhjungk@...il.com>
> > > ---
> > >  drivers/bluetooth/hci_ath.c   | 6 ++++++
> > >  drivers/bluetooth/hci_ldisc.c | 4 ++++
> > >  2 files changed, 10 insertions(+)
> > 
> > Ah, you had already submitted a v2.
> > 
> > I still suggest splitting this one in two patches and that you add a
> > Fixes and stable tag to each so that they both get backported to stable.
> > 
> > Also, when resubmitting, make sure to include a short changelog here
> > below the cut-off line (---).
> > 
> > > 
> > > diff --git a/drivers/bluetooth/hci_ath.c b/drivers/bluetooth/hci_ath.c
> > > index d568fbd94d6c..fb9f6323a911 100644
> > > --- a/drivers/bluetooth/hci_ath.c
> > > +++ b/drivers/bluetooth/hci_ath.c
> > > @@ -185,8 +185,14 @@ static int ath_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
> > >  
> > >  static int ath_setup(struct hci_uart *hu)
> > >  {
> > > +	struct tty_struct *tty = hu->tty;
> > > +
> > >  	BT_DBG("hu %p", hu);
> > >  
> > > +	/* tty driver should support operations to set RTS */
> > > +	if (!tty->driver->ops->tiocmget || !tty->driver->ops->tiocmset)
> > > +		return -EOPNOTSUPP;
> > 
> > -ENODEV might be more appropriate.
> > 
> > Johan
> 
> I'll split into 2 seperate patches. So, do I need to add stable tag on each
> patch like below to be cherry-picked?
> 
> Cc: <stable@...r.kernel.org> # <hash>: <summary>
> 
> I looked for a good example from mailing list but didn't find one.

Almost right, the format you use above is actually used to identify
dependencies for backports.

You should add a Fixes tag identifying the commit which introduced each
bug and a stable-cc tag. If you want you can indicate the version after
a # sign, but that can also be inferred from the fixes tag.

For the hci_ldisc fix I think the tags would be:

	Fixes: 2a973dfada2b ("Bluetooth: hci_uart: Add new line discipline enhancements")
	Cc: stable <stable@...r.kernel.org>     # 4.2

You can use git blame to track down the offending commits.

This should all be explained here:

	https://www.kernel.org/doc/html/latest/process/submitting-patches.html

Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ