Date: Tue, 1 Sep 2020 23:16:26 +0200
From: Pavel Machek
To: Greg Kroah-Hartman
Cc: Sean Young, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Jia-Ju Bai, Mauro Carvalho Chehab, Sasha Levin
Subject: Re: [PATCH 4.19 016/125] media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq()
Message-ID: <20200901211626.GA17861@duo.ucw.cz>

On Tue 2020-09-01 18:35:23, Greg Kroah-Hartman wrote:
> On Tue, Sep 01, 2020 at 05:25:12PM +0100, Sean Young wrote:
> > Greg,
> >
> > On Tue, Sep 01, 2020 at 05:09:31PM +0200, Greg Kroah-Hartman wrote:
> > > From: Jia-Ju Bai
> > >
> > > [ Upstream commit 6499a0db9b0f1e903d52f8244eacc1d4be00eea2 ]
> > >
> > > The value av7110->debi_virt is stored in DMA memory, and it is assigned
> > > to data, and thus data[0] can be modified at any time by malicious
> > > hardware. In this case, "if (data[0] < 2)" can be passed, but then
> > > data[0] can be changed into a large number, which may cause buffer
> > > overflow when the code "av7110->ci_slot[data[0]]" is used.
> > >
> > > To fix this possible bug, data[0] is assigned to a local variable, which
> > > replaces the use of data[0].
> >
> > See the discussion here:
> >
> > https://lkml.org/lkml/2020/8/31/479
> >
> > It does not seem worthwhile merging to the stable trees.
>
> It doesn't hurt either :)

Update stable kernel rules.

If "patch does not match description and is pretty obviously useless"
but "does not hurt" is acceptable for stable tree, people should know.

You are pushing known junk into stable. Stop that.

								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
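
The check-then-use pattern that the quoted commit message describes, as an added C example that is not part of this thread or of the av7110 driver. `fake_dma`, `dma_read0`, `run_variant` and the scripted values are constructed here to model hardware changing `data[0]` between the bounds check and the array index.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CI_SLOTS 2  /* assumed from the quoted check "data[0] < 2" */

/* Constructed stand-in for device-writable DMA memory: each read of byte 0
 * returns the next scripted value, modelling hardware that rewrites the
 * buffer between two CPU loads. */
struct fake_dma { const uint8_t *script; size_t len, pos; };

uint8_t dma_read0(struct fake_dma *d)
{
    uint8_t v = d->script[d->pos];
    if (d->pos + 1 < d->len)
        d->pos++;
    return v;
}

/* Double fetch: one load for the check, a second load for the index.
 * Returns the index that would be used, or -1 if the check rejects it. */
int slot_double_fetch(struct fake_dma *d)
{
    if (dma_read0(d) < CI_SLOTS)
        return dma_read0(d);   /* not the value that was checked */
    return -1;
}

/* Single fetch: load once into a local, then check and use only the local. */
int slot_single_fetch(struct fake_dma *d)
{
    uint8_t slot = dma_read0(d);
    return slot < CI_SLOTS ? slot : -1;
}

/* Runs one variant against constructed device behaviour:
 * byte 0 reads as 1 at check time and as 200 on the next load. */
int run_variant(int (*variant)(struct fake_dma *))
{
    static const uint8_t script[] = { 1, 200 };
    struct fake_dma d = { script, sizeof(script), 0 };
    return variant(&d);
}

int main(void)
{
    printf("double fetch uses index %d\n", run_variant(slot_double_fetch));
    printf("single fetch uses index %d\n", run_variant(slot_single_fetch));
    return 0;
}
```

In kernel code a plain assignment to a local does not by itself stop the compiler from re-reading the buffer; `READ_ONCE()` is the usual way to force exactly one load.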