Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1462509pxb;
        Mon, 11 Oct 2021 06:35:21 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzM5tTSedyfrs1pI4zbLZCK255f8jieUs/MmdugQ0znEaQPcnM5huOeYdOwAhy4iXdwdIjk
X-Received: by 2002:a05:6402:520b:: with SMTP id s11mr22555770edd.123.1633959321706;
        Mon, 11 Oct 2021 06:35:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1633959321; cv=none;
        d=google.com; s=arc-20160816;
        b=Fz6HvyZP2HR4cpUCNy5Uprck1JBO9ccDr+zy+9Ki2DHZgQjYDUHQNJS/OEwuHvP+4g
         oqhEm1tyiOmM34iKMytx82i//WwHnb+qo7pVag2FQbKxRoQRe2ASdpo1pKYcNcUu5Uk5
         PqWL9xYCSLU9N4ea8x8ylC7hefUookgB28zP6nBLKrXeviMM9IlMdk+JuW9HSpjLf5T9
         BVShub4oQFT5v0jUScS1BNYNe/Eh+hvGYn+mMt9Rpzzlk1rGIM9iwNr3UbzReW7gYoi4
         oaHL8TpByK/20stSihcKlyHqgp0EHm4Z2TGLpxrMnF8qR+TVj60xKq3r+H8tlLerhtz8
         4acQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:message-id:in-reply-to:date:references:subject:cc:to
         :from:dmarc-filter:sender:dkim-signature;
        bh=yQEeqerf7Ei3Xw3vldPBO/PbPsJ5X9qa47bE01NgrCM=;
        b=t9CrQC8c8dP8vTxQmyIybNHBobKgLubEkr+BQdWKDazAqRhBNjwVdCMfpYBD/tWql0
         WNL6rXA1LpubpkRcIHE8DfaUag1QjJbLgnRkt9muylGds7Hsx0kGd3dao8ozfEBkIh8S
         Qz2OBrSV8x3SOQYXrXNVG7vzQ+/XJhyBp7LZz/XdBaTfjVD/t/hAoeffyPqMc4ZLXaEG
         oqb2zx03RnOg+n8r7TQ3u6z7yq1FmnbDRdsjCCgRFhGU3BPcGhMSqXbackKdPqvsJA+Q
         nexDUr0tExTzgt6TLvRvVtfxEgEfNFe6BnBfkm1fhHrrvPp8UKK4/t7VPl+488aK4Toc
         Fbng==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@mg.codeaurora.org header.s=smtp header.b="gqGoWw/p";
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org
Return-Path: <linux-wireless-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id ds4si17964328ejc.507.2021.10.11.06.35.03;
        Mon, 11 Oct 2021 06:35:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mg.codeaurora.org header.s=smtp header.b="gqGoWw/p";
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235920AbhJKKoG (ORCPT <rfc822;liuguibupt@gmail.com> + 76 others);
        Mon, 11 Oct 2021 06:44:06 -0400
Received: from m43-7.mailgun.net ([69.72.43.7]:58351 "EHLO m43-7.mailgun.net"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S235792AbhJKKoF (ORCPT <rfc822;linux-wireless@vger.kernel.org>);
        Mon, 11 Oct 2021 06:44:05 -0400
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mg.codeaurora.org; q=dns/txt;
 s=smtp; t=1633948925; h=Content-Transfer-Encoding: Content-Type:
 MIME-Version: Message-ID: In-Reply-To: Date: References: Subject: Cc:
 To: From: Sender; bh=yQEeqerf7Ei3Xw3vldPBO/PbPsJ5X9qa47bE01NgrCM=; b=gqGoWw/prRx1zi9V6fhpXLHewP2VQKfNxf0KNMX2pnzjWuiryWNwKNm8FHBckWE+NScq2Mtw
 FUp11iguZeLj1wlzGo+wZJ8Ew/PRpK/tdNciYh1LleK6Gho9mdHMsJdqcFb0e2XPzT8ZsxYb
 9WSX2urFfgd1cNoh2WeoG14GIcQ=
X-Mailgun-Sending-Ip: 69.72.43.7
X-Mailgun-Sid: WyI3YTAwOSIsICJsaW51eC13aXJlbGVzc0B2Z2VyLmtlcm5lbC5vcmciLCAiYmU5ZTRhIl0=
Received: from smtp.codeaurora.org
 (ec2-35-166-182-171.us-west-2.compute.amazonaws.com [35.166.182.171]) by
 smtp-out-n01.prod.us-east-1.postgun.com with SMTP id
 616414f522fe3a98e5846f61 (version=TLS1.2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Mon, 11 Oct 2021 10:41:57
 GMT
Sender: kvalo=codeaurora.org@mg.codeaurora.org
Received: by smtp.codeaurora.org (Postfix, from userid 1001)
        id 7A5E8C4360C; Mon, 11 Oct 2021 10:41:56 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
        aws-us-west-2-caf-mail-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=ALL_TRUSTED,BAYES_00,SPF_FAIL,
        URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0
Received: from tynnyri.adurom.net (tynnyri.adurom.net [51.15.11.48])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        (Authenticated sender: kvalo)
        by smtp.codeaurora.org (Postfix) with ESMTPSA id 8BD32C4338F;
        Mon, 11 Oct 2021 10:41:54 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 smtp.codeaurora.org 8BD32C4338F
Authentication-Results: aws-us-west-2-caf-mail-1.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org
Authentication-Results: aws-us-west-2-caf-mail-1.web.codeaurora.org; spf=fail smtp.mailfrom=codeaurora.org
From:   Kalle Valo <kvalo@codeaurora.org>
To:     Greg KH <gregkh@linuxfoundation.org>
Cc:     Pali =?utf-8?Q?Roh=C3=A1r?= <pali@kernel.org>,
        Sasha Levin <sashal@kernel.org>, stable@vger.kernel.org,
        linux-wireless@vger.kernel.org
Subject: Re: Drivers for Qualcomm wifi chips (ath*k) and security issues
References: <20210823140844.q3kx6ruedho7jen5@pali>
        <YSPxO+VGnSopgn5G@kroah.com>
Date:   Mon, 11 Oct 2021 13:41:50 +0300
In-Reply-To: <YSPxO+VGnSopgn5G@kroah.com> (Greg KH's message of "Mon, 23 Aug
        2021 21:04:27 +0200")
Message-ID: <87czob3ksx.fsf@tynnyri.adurom.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

Greg KH <gregkh@linuxfoundation.org> writes:

> On Mon, Aug 23, 2021 at 04:08:44PM +0200, Pali Roh=C3=A1r wrote:
>> Hello Sasha and Greg!
>>=20
>> Last week I sent request for backporting ath9k wifi fixes for security
>> issue CVE-2020-3702 into stable LTS kernels because Qualcomm/maintainers
>> did not it for more months... details are in email:
>> https://lore.kernel.org/stable/20210818084859.vcs4vs3yd6zetmyt@pali/t/#u
>>=20
>> And now I got reports that in stable LTS kernels (4.14, 4.19) are
>> missing also other fixes for other Qualcomm wifi security issues,
>> covered by FragAttacks codename: CVE-2020-26145 CVE-2020-26139
>> CVE-2020-26141
>
> Then someone needs to provide us backports if they care about these
> very old kernels and these issues.  Just like any other driver subsystem
> where patches are not able to be easily backported.
>
> Or just use a newer kernel, that's almost always a better idea.

Sorry for the delay in my answer. But like Greg said, use of a newer
kernel is the best option. I don't have the bandwith to maintain ath[1]
drivers in stable releases, but I do try to make sure bugfixes have a
Fixes tag when approriate and I do add cc stable whenever people ask me
to. That's about it from stable releases point of view, my focus is on
Linus' releases.

Help with the stable releases is very welcome.

[1] ath9k, ath10k, ath11k etc

--=20
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatc=
hes