NACK: [SRU][F][PATCH 0/1] CVE-2024-40967
Yuxuan Luo
yuxuan.luo at canonical.com
Thu Nov 14 23:14:41 UTC 2024
On Tue, Nov 12, 2024 at 05:19:56PM -0500, Yuxuan Luo wrote:
NACK this CVE patch because the patch is errorenous, sending a v2 patch
later.
> [Impact]
> A potential deadlock might occur if too much time were spent for serial
> IMX subsystem, leading to denial of service.
>
> [Backport]
> Two conflicts occur when backporting the fix commit.
> 1. Declaration for usr2 variable: it is merely the order of declaration
> of variables, apply it manually.
>
> 2. The conflict at read_poll_timeout_atomic: this function is not
> introduced until 57a29df34146 (“iopoll: Introduce
> read_poll_timeout_atomic macro”), which is not a clean cherry pick;
> however, readx_poll_timeout_atomic() can be used interchangeably
> since readx_poll_timeout_atomic becomes an alias of read_poll_...
> after that commit.
readx_poll_timeout_atomic and read_poll_timeout_atomic cannot be used
interchangeably since readx supports only one argument while the
read_... has the option to pass in multiple arguments.
>
> [Test]
> Compile and boot tested only due to lack of arm64 hardware.
>
> [Where problems could occur]
> Regression might occur on all IMX CPU users.
>
> Esben Haabendal (1):
> serial: imx: Introduce timeout when waiting on transmitter empty
>
> drivers/tty/serial/imx.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> --
> 2.43.0
>
More information about the kernel-team
mailing list