lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Jan 2022 09:10:56 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: Jaegeuk Kim <jaegeuk@...nel.org> Cc: Salvatore Bonaccorso <carnil@...ian.org>, Chao Yu <chao@...nel.org>, linux-kernel@...r.kernel.org, stable@...r.kernel.org, Wenqing Liu <wenqingliu0120@...il.com> Subject: Re: [PATCH 5.10 60/76] f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() On Tue, Jan 04, 2022 at 01:10:59PM -0800, Jaegeuk Kim wrote: > On 01/04, Greg Kroah-Hartman wrote: > > On Tue, Jan 04, 2022 at 10:56:28AM +0100, Salvatore Bonaccorso wrote: > > > Hi, > > > > > > On Tue, Jan 04, 2022 at 05:29:30PM +0800, Chao Yu wrote: > > > > On 2022/1/4 5:11, Salvatore Bonaccorso wrote: > > > > > Hi, > > > > > > > > > > On Mon, Dec 27, 2021 at 04:31:15PM +0100, Greg Kroah-Hartman wrote: > > > > > > From: Chao Yu <chao@...nel.org> > > > > > > > > > > > > commit 5598b24efaf4892741c798b425d543e4bed357a1 upstream. > > > > > > > > I've no idea. > > > > > > > > I didn't add this line from v1 to v3: > > > > > > > > https://lore.kernel.org/lkml/20211211154059.7173-1-chao@kernel.org/T/ > > > > https://lore.kernel.org/all/20211212071923.2398-1-chao@kernel.org/T/ > > > > https://lore.kernel.org/all/20211212091630.6325-1-chao@kernel.org/T/ > > > > > > > > Am I missing anything? > > > > > > The line is added when a commit from "upstream" is added to the stable > > > series to identify the upstream commit it is taken from for > > > cherry-pick (or backport). > > > > > > Strange so, that the fix is not in mainline actually yet. > > > > I thought it was about to be sent to Linus. Why has the f2fs maintainer > > not sent a merge request to him to get this merged properly yet? > > It's very surprising that -stable can cherry-pick non-upstreamed patches based > on the stable maintainer's self assumption. Please wait for being upstreamed. I normally do wait, but when a commit has a public CVE registered for it, and it shows up in -next, I assume that it will be sent to Linus any moment now. Because of that, I made the call to take the patch then. Odd that you wish to delay this, sorry I took it early. greg k-h
Powered by blists - more mailing lists