NACK: [CVE-2017-18232][A][PATCH 00/11] CVE-2017-18232

Stefan Bader stefan.bader at canonical.com
Wed May 23 10:40:42 UTC 2018


On 23.05.2018 04:27, Khalid Elmously wrote:
> CVE-2017-18232
> 
> The first 4 patches are for cleanup purposes and are effectively no-ops. They make some of the later patches apply cleanly.
> 
> The remaining 7 patches are all part of the same series, which appears to be a re-working of the SAS event handling/queuing implementation.
> 
> Note that patch 10/11 is the one that effectively fixes the vulnerability (according to the CVE triage info) - however it seemed to me that patches 5-9 and patch 11 - all of which are part of the same series - are also needed, so I brought them in as well.
> 
> This CVE affects Trusty and Xenial in addition to Artful, however, I'm still working on the fix for Xenial which is proving more difficult, therefore sending just the Artful fix for now.
> 
> I've boot-tested this kernel but haven't run any scsi/sas-specific tests.

This may work in Artful but it feels to me like to much change. This does not
scale moving further and further back. I could not spend too much time but my
gut feeling is that instead it should be possible to adapt that patch #10 in a
way that essentially does what the description says within the code that is
there. Adapting function names and so on. Which can make this applicable to
earlier releases even.

-Stefan

> 
> 
> Jason Yan (11):
>   scsi: libsas: kill useless ha_event and do some cleanup
>   scsi: libsas: remove the numbering for each event enum
>   scsi: libsas: remove unused port_gone_completion and DISCE_PORT_GONE
>   scsi: libsas: rename notify_port_event() for consistency
>   scsi: libsas: Use dynamic alloced work to avoid sas event lost
>   scsi: libsas: shut down the PHY if events reached the threshold
>   scsi: libsas: make the event threshold configurable
>   scsi: libsas: Use new workqueue to run sas event and disco event
>   scsi: libsas: use flush_workqueue to process disco events
>     synchronously
>   scsi: libsas: direct call probe and destruct
>   scsi: libsas: notify event PORTE_BROADCAST_RCVD in
>     sas_enable_revalidation()
> 
>  drivers/scsi/aic94xx/aic94xx_hwi.c    |   3 -
>  drivers/scsi/hisi_sas/hisi_sas_main.c |   7 +-
>  drivers/scsi/libsas/sas_ata.c         |   1 -
>  drivers/scsi/libsas/sas_discover.c    |  34 ++++----
>  drivers/scsi/libsas/sas_dump.c        |  10 ---
>  drivers/scsi/libsas/sas_dump.h        |   1 -
>  drivers/scsi/libsas/sas_event.c       | 102 +++++++++++++---------
>  drivers/scsi/libsas/sas_expander.c    |   8 +-
>  drivers/scsi/libsas/sas_init.c        | 117 +++++++++++++++++++++++---
>  drivers/scsi/libsas/sas_internal.h    |   7 ++
>  drivers/scsi/libsas/sas_phy.c         |  69 ++++++++-------
>  drivers/scsi/libsas/sas_port.c        |  25 +++---
>  include/scsi/libsas.h                 |  82 ++++++++----------
>  include/scsi/scsi_transport_sas.h     |   1 +
>  14 files changed, 288 insertions(+), 179 deletions(-)
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180523/36a22995/attachment.sig>


More information about the kernel-team mailing list