linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: David Miller <davem@davemloft.net>
To: ben@decadent.org.uk
Cc: luis.henriques@canonical.com, avijitnsec@codeaurora.org,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: CVE-2014-9900 fix is not upstream
Date: Tue, 23 Aug 2016 11:24:06 -0700 (PDT)	[thread overview]
Message-ID: <20160823.112406.549221808236512285.davem@davemloft.net> (raw)
In-Reply-To: <1471973727.13300.162.camel@decadent.org.uk>

From: Ben Hutchings <ben@decadent.org.uk>
Date: Tue, 23 Aug 2016 18:35:27 +0100

> On Tue, 2016-08-23 at 09:40 -0700, David Miller wrote:
>> From: Luis Henriques <luis.henriques@canonical.com>
>> Date: Tue, 23 Aug 2016 14:41:07 +0100
>> 
>> > Digging through some old CVEs I came across this one that doesn't
>> seem be
>> > in mainline.  Was there a good reason for not being sent upstream? 
>> Maybe it was
>> > rejected for some reason and I failed to find the discussion.
>> 
>> Because the patch is completely bogus, and thus so is the CVE.
>> 
>> The variable initializer clears out the entire structure.
>> 
>> Until you can show compiler output from gcc that shows it not
>> initializing the structure I will not apply this patch because I know
>> that it faithfully does.
> 
> On some versions and architectures.  Can you guarantee that you will
> notice when an exception appears?

Again, show me the assembler output exhibiting the lack of
initialization, for this specific structure and situation.

That's all that I'm asking.

  reply	other threads:[~2016-08-23 18:24 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-08-23 13:41 CVE-2014-9900 fix is not upstream Luis Henriques
2016-08-23 13:41 ` net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() Luis Henriques
2016-08-23 14:06   ` Joe Perches
     [not found]     ` <CAOp4FwRxfE61azV78TZ7EKESQZzRU2Pfkc2GJ9j3MV7pr80qew@mail.gmail.com>
2016-08-23 15:40       ` Joe Perches
2016-08-23 14:21   ` Eric Dumazet
2016-08-23 15:05     ` Joe Perches
2016-08-23 15:36       ` Eric Dumazet
2016-08-23 16:38         ` Andrey Ryabinin
2016-08-23 16:46         ` Edward Cree
2016-08-23 17:15       ` Vegard Nossum
2016-08-23 17:33     ` Ben Hutchings
2016-08-23 16:40 ` CVE-2014-9900 fix is not upstream David Miller
2016-08-23 17:35   ` Ben Hutchings
2016-08-23 18:24     ` David Miller [this message]
2016-08-23 20:09       ` Al Viro
2016-08-23 20:34         ` Joe Perches
2016-08-23 20:49           ` Lennart Sorensen
2016-08-23 21:25             ` Al Viro
2016-08-24 14:03               ` Lennart Sorensen
2016-08-24 20:36                 ` Hannes Frederic Sowa
2016-08-25 12:40                   ` Johannes Berg
2016-08-25 12:41                     ` Johannes Berg
2016-08-25 15:14                   ` One Thousand Gnomes

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160823.112406.549221808236512285.davem@davemloft.net \
    --to=davem@davemloft.net \
    --cc=avijitnsec@codeaurora.org \
    --cc=ben@decadent.org.uk \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luis.henriques@canonical.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).