Hi Markus,
On Mon, Jul 17, 2023 at 08:15:56AM +0200, Markus Elfring wrote:
> >> …
> >>> We can ignore null link key in the handler of "Link Key Notification
> >>> event" to relieve the attack. …
> …
> > Sorry for I didn't capture your point.
>
> Did you provide sufficient justification for a possible addition of the tag “Fixes”?
>
This patch is against a CVE. The issue is not introduced by any old kernel
patch. So I think it doesn't need Fixes: tag.
>
> > What should I change in my patch description?
>
> I hope that corresponding imperative wordings can become more helpful
> also according to another Linux development requirement.
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.5-rc1#n94
>
Thanks a lot!
Joey LEe
On Mon, Jul 17, 2023 at 06:23:10PM +0800, joeyli wrote:
> Hi Markus,
>
> On Mon, Jul 17, 2023 at 08:15:56AM +0200, Markus Elfring wrote:
> > >> …
> > >>> We can ignore null link key in the handler of "Link Key Notification
> > >>> event" to relieve the attack. …
> > …
> > > Sorry for I didn't capture your point.
> >
> > Did you provide sufficient justification for a possible addition of the tag “Fixes”?
> >
>
> This patch is against a CVE. The issue is not introduced by any old kernel
> patch. So I think it doesn't need Fixes: tag.
You should probably put a Fixes tag against when the feature was
introduced. (Kernel's prior to that were not affected by the CVE).
regards,
dan carpenter
Hi Dan,
On Mon, Jul 17, 2023 at 02:25:06PM +0300, Dan Carpenter wrote:
> On Mon, Jul 17, 2023 at 06:23:10PM +0800, joeyli wrote:
> > Hi Markus,
> >
> > On Mon, Jul 17, 2023 at 08:15:56AM +0200, Markus Elfring wrote:
> > > >> …
> > > >>> We can ignore null link key in the handler of "Link Key Notification
> > > >>> event" to relieve the attack. …
> > > …
> > > > Sorry for I didn't capture your point.
> > >
> > > Did you provide sufficient justification for a possible addition of the tag “Fixes”?
> > >
> >
> > This patch is against a CVE. The issue is not introduced by any old kernel
> > patch. So I think it doesn't need Fixes: tag.
>
> You should probably put a Fixes tag against when the feature was
> introduced. (Kernel's prior to that were not affected by the CVE).
>
OK! I see.
I have digged that the link key stored function be introduced by 55ed8ca10f35
since v2.6.39-rc1:
commit 55ed8ca10f3530de8edbbf138acb50992bf5005b
Author: Johan Hedberg <[email protected]>
Date: Mon Jan 17 14:41:05 2011 +0200
Bluetooth: Implement link key handling for the management interface
I will add Fixes: 55ed8ca10f35 ("Bluetooth: Implement link key handling for the management interface")
in next version.
Thanks for your and Markus's reminder.
Joey Lee