lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 5 Jan 2022 09:10:56 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Jaegeuk Kim <jaegeuk@...nel.org>
Cc:     Salvatore Bonaccorso <carnil@...ian.org>,
        Chao Yu <chao@...nel.org>, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org, Wenqing Liu <wenqingliu0120@...il.com>
Subject: Re: [PATCH 5.10 60/76] f2fs: fix to do sanity check on last xattr
 entry in __f2fs_setxattr()

On Tue, Jan 04, 2022 at 01:10:59PM -0800, Jaegeuk Kim wrote:
> On 01/04, Greg Kroah-Hartman wrote:
> > On Tue, Jan 04, 2022 at 10:56:28AM +0100, Salvatore Bonaccorso wrote:
> > > Hi,
> > > 
> > > On Tue, Jan 04, 2022 at 05:29:30PM +0800, Chao Yu wrote:
> > > > On 2022/1/4 5:11, Salvatore Bonaccorso wrote:
> > > > > Hi,
> > > > > 
> > > > > On Mon, Dec 27, 2021 at 04:31:15PM +0100, Greg Kroah-Hartman wrote:
> > > > > > From: Chao Yu <chao@...nel.org>
> > > > > > 
> > > > > > commit 5598b24efaf4892741c798b425d543e4bed357a1 upstream.
> > > > 
> > > > I've no idea.
> > > > 
> > > > I didn't add this line from v1 to v3:
> > > > 
> > > > https://lore.kernel.org/lkml/20211211154059.7173-1-chao@kernel.org/T/
> > > > https://lore.kernel.org/all/20211212071923.2398-1-chao@kernel.org/T/
> > > > https://lore.kernel.org/all/20211212091630.6325-1-chao@kernel.org/T/
> > > > 
> > > > Am I missing anything?
> > > 
> > > The line is added when a commit from "upstream" is added to the stable
> > > series to identify the upstream commit it is taken from for
> > > cherry-pick (or backport).
> > > 
> > > Strange so, that the fix is not in mainline actually yet.
> > 
> > I thought it was about to be sent to Linus.  Why has the f2fs maintainer
> > not sent a merge request to him to get this merged properly yet?
> 
> It's very surprising that -stable can cherry-pick non-upstreamed patches based
> on the stable maintainer's self assumption. Please wait for being upstreamed.

I normally do wait, but when a commit has a public CVE registered for
it, and it shows up in -next, I assume that it will be sent to Linus any
moment now.  Because of that, I made the call to take the patch then.

Odd that you wish to delay this, sorry I took it early.

greg k-h

Powered by blists - more mailing lists