Date:   Sun, 9 Oct 2022 17:23:06 +0200
From:   Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
To:     David Laight <David.Laight@...LAB.COM>,
        'Greg Kroah-Hartman' <gregkh@...uxfoundation.org>,
        Andrew Chernyakov <acherniakov@...ralinux.ru>
Cc:     Andy Gross <agross@...nel.org>,
        Bjorn Andersson <andersson@...nel.org>,
        Konrad Dybcio <konrad.dybcio@...ainline.org>,
        Mathieu Poirier <mathieu.poirier@...aro.org>,
        "linux-arm-msm@...r.kernel.org" <linux-arm-msm@...r.kernel.org>,
        "linux-remoteproc@...r.kernel.org" <linux-remoteproc@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        "lvc-project@...uxtesting.org" <lvc-project@...uxtesting.org>,
        Stephen Boyd <sboyd@...nel.org>,
        Bjorn Andersson <bjorn.andersson@...aro.org>
Subject: Re: [PATCH 5.10 1/1] rpmsg: qcom: glink: replace strncpy() with
 strscpy_pad()

On 08/10/2022 23:11, David Laight wrote:
>>> ---
>>>  drivers/rpmsg/qcom_glink_native.c | 2 +-
>>>  drivers/rpmsg/qcom_smd.c          | 4 ++--
>>>  2 files changed, 3 insertions(+), 3 deletions(-)
>>
>> Why just this specific kernel branch?  We can't add patches to an older
>> tree and have someone upgrade to a newer one and hit the same issue.
>>
>> So please provide backports for all active versions.  In this case that
>> would be 5.15.y and 5.19.y.
> 
> If it is only fixing a compile warning is it even stable material?
> The generic commit message doesn't say whether the old code was
> actually right or wrong.
> 
> At least one of these 'replace strncpy()' changes was definitely
> broken (the copy needed to be equivalent to memcpy()).
> 
> So applying ANY of them to stable unless they actually fix
> a real bug seems dubious.

Except the warning from GCC, there was no bug to fix. The warning is
about discouraged and risky practice, but no actual real risk was
identified, so for me it matches stable rules poorly.

It's basically backporting to silence automated code checkers...

Best regards,
Krzysztof
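
The behavioural difference behind the quoted "equivalent to memcpy()" remark, as an added example that is not part of the original message or the patch under discussion. `model_strscpy_pad()` is a userspace model of the kernel helper's semantics written for this illustration; `FIELD_LEN` and the function names are assumptions, not taken from the drivers.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define FIELD_LEN 8 /* constructed field width, not taken from the drivers */

/* Length of s, looking at no more than max bytes. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Userspace model of strscpy_pad(): at most size-1 bytes copied, result
 * always NUL-terminated, tail zero-filled, -E2BIG on truncation. */
static long model_strscpy_pad(char *dst, const char *src, size_t size)
{
    size_t len = bounded_len(src, size);
    long ret = (long)len;

    if (size == 0)
        return -E2BIG;
    if (len == size) {      /* no room for the terminator: truncate */
        len = size - 1;
        ret = -E2BIG;
    }
    memcpy(dst, src, len);
    memset(dst + len, 0, size - len);
    return ret;
}

/* Bytes of src that survive in a FIELD_LEN-wide field after strncpy(). */
size_t kept_by_strncpy(const char *src)
{
    char field[FIELD_LEN];
    strncpy(field, src, sizeof(field)); /* fills every byte, may omit the NUL */
    return bounded_len(field, sizeof(field));
}

/* The same field filled with the strscpy_pad() model instead. */
size_t kept_by_strscpy_pad(const char *src)
{
    char field[FIELD_LEN];
    model_strscpy_pad(field, src, sizeof(field));
    return bounded_len(field, sizeof(field));
}
```

For a source shorter than the field the two calls leave identical bytes; they differ only when the source fills the field exactly, where a consumer expecting a fixed-width, unterminated name loses its last byte after the replacement.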