Re: stable-security kernel updates

From: Willy Tarreau
Date: Thu Apr 21 2016 - 03:12:12 EST


Hi Jiri,

On Thu, Apr 21, 2016 at 08:43:55AM +0200, Jiri Slaby wrote:
> On 04/20/2016, 09:50 PM, Sasha Levin wrote:
> > Updates for stable-security kernels have been released:
> >
> > - v3.12.58-security
>
> I suggest nobody uses that kernel.
>
> That tree does not make much sense to me. For example, what's the
> purpose of "kernel: Provide READ_ONCE and ASSIGN_ONCE" (commit
> 230fa253df6352af12ad0a16128760b5cb3f92df upstream) without actually
> using the added macros (this commit was only a prerequisite)?
>
> Ok, not that bad, it is only unused code, but why are *not* these in the
> security tree?
> ipr: Fix out-of-bounds null overwrite
> Input: powermate - fix oops with malicious USB descriptors
> rapidio/rionet: fix deadlock on SMP

This illustrates exactly what I suspected would happen because that's the
same trouble we all face when picking backports for our respective trees
except that since the selection barrier is much higher here, lots of
important ones will be missing.

Cheers,
Willy