Date: Wed, 19 Apr 2017 16:42:06 +0200
From: Greg Kroah-Hartman
To: Ben Hutchings
Cc: stable
Subject: Re: [stable] DMA-on-stack fixes

On Wed, Apr 19, 2017 at 03:15:02PM +0100, Ben Hutchings wrote:
> On Wed, 2017-04-19 at 14:16 +0200, Greg Kroah-Hartman wrote:
> > On Tue, Apr 18, 2017 at 01:49:41AM +0100, Ben Hutchings wrote:
> > > Brad Spengler pointed out these fixes elsewhere:
> > >
> > > 43fab9793c1f [media] dvb-usb: don't use stack for firmware load
> > > 67b0503db9c2 [media] dvb-usb-firmware: don't do DMA on stack
> > > 3f190e3aec21 [media] cxusb: Use a dma capable buffer also for reading
> > > c4baad50297d virtio-console: avoid DMA from stack
> > >
> > > For 4.9, the first one needs some adjustment - use the attached patch.
> > > The rest apply cleanly.
> > >
> > > For 4.10, you can skip the first two as they've already been applied.
> >
> > Thanks for this shorter list.  I'll go through the rest of the list of
> > patches that Brad pointed out on oss-security.
> >
> > Oh, and you did notice he said that
> > a4866aa81251 ("mm: Tighten x86 /dev/mem with zeroing reads")
> > should be applied to stable kernels, right?  I've queued it up for the
> > ones I manage.
>
> Yes, though it's not a meaningful security fix by itself.

What do you mean "by itself"?  Is there something else that needs to be
added here, or just that the patch doesn't really change all that much?

thanks,

greg k-h