lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250213102449.GC2756671@google.com>
Date: Thu, 13 Feb 2025 10:24:49 +0000
From: Lee Jones <lee@...nel.org>
To: Manuel Fombuena <fombuena@...look.com>
Cc: pavel@....cz, corbet@....net, linux-leds@...r.kernel.org,
	linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH RESEND 1/5] leds: leds-st1202: fix NULL pointer access on
 race condition

On Wed, 12 Feb 2025, Manuel Fombuena wrote:

> On Tue, 11 Feb 2025, Lee Jones wrote:
> 
> > On Sat, 01 Feb 2025, Manuel Fombuena wrote:
> > 
> > > st1202_dt_init() calls devm_led_classdev_register_ext() before the
> > > internal data structures are properly setup, so the leds become visible
> > > to user space while being partially initialized, leading to a window
> > > where trying to access them causes a NULL pointer access.
> > 
> > If this is true, you need to provide a Fixes: tag and to Cc: Stable.
> >
> > Documentation/process/stable-kernel-rules.rst
> > 
> 
> Yes, some circumstances have to confluence but it is reproducible under 
> normal use. I can send panic logs if you want to see the details.
> 
> Since this driver has been added in 6.14-rc1, I thought that, if applied,    
> this patch would be included in fixes before the final release and there 
> would be no need to apply it to -stable trees, as it is nowhere else at 
> the moment. But of course I will review the documentation and make changes as 
> suggested.

Then you need to separate the set into patches you expect to be
submitted to the -rcs and ones which can be applied during the next
cycle, then go to lengths to explain that either in the diff section of
each patch (preferred) or in the cover-letter.

Either way, you need Fixes: tags.

-- 
Lee Jones [李琼斯]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ