ACK: [SRU][J/F][PATCH 0/1] CVE-2024-38611

Koichiro Den koichiro.den at canonical.com
Tue Sep 24 01:10:42 UTC 2024


Acked-by: Koichiro Den <koichiro.den at canonical.com>

On Wed, Sep 18, 2024 at 01:56:52PM +0800, Hui Wang wrote:
> [Impact]
> 
> Using __exit for the remove function results in the remove callback
> being discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets
> unbound (e.g. using sysfs or hotplug), the driver is just removed
> without the cleanup being performed. This results in resource leaks. Fix
> it by compiling in the remove callback unconditionally.
> 
> 
> [Backport]
> 
> This backport adjusts context due to 2 conflicts. The 1st one is
> the return type of et8ek8_remove(): in J and F, the return type is int
> while in the original commit the return type is void; here I kept the
> return type as int. The other one is the probe function type: in J and
> F, it is probe_new, while in the original commit it is probe; here I kept
> probe_new since it is irrelevant to this CVE case.
> 
> If we want to change the return type to void for et8ek8_remove(), we
> need to backport 1 patch which will impact all i2c drivers:
> ed5c2f5fd10d ("i2c: Make remove callback return void")
> 
> If we want to change the probe_new to probe, we need to backport 2
> commits which will impact all i2c drivers:
> 03c835f498b5 ("i2c: Switch .probe() to not take an id parameter")
> aaeb31c00e61 ("media: Switch i2c drivers back to use .probe()")
> 
> 
> [Fix]
> 
> Noble:  Already fixed
> Jammy:  Backported from mainline v6.10-rc1, see explanation in [Backport]
> Focal:  Backported from mainline v6.10-rc1, see explanation in [Backport]
> Bionic: sent to the -esm
> Xenial: Not affected
> Trusty: Not affected
> 
> [Test Case]
> 
> Compile and boot test.
> 
> 
> [Where problems could occur]
> 
> The change is in the v4l2/media driver; if there is a regression, it could
> impact the media driver. But the likelihood of regression is very low; the
> change is straightforward and simple.
> 
> Uwe Kleine-König (1):
>   media: i2c: et8ek8: Don't strip remove function when driver is builtin
> 
>  drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> -- 
> 2.34.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
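
A userspace C model of the failure described under [Impact], added here as an illustration; it is not code from the patch or from the et8ek8 driver. It assumes the remove callback was registered through the kernel's `__exit_p()` macro, which evaluates to NULL in a built-in build; `MODEL_EXIT_P`, the `model_*` names and the resource count are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: every model_* name is hypothetical, not driver code. */
struct model_dev { int resources_held; };

struct model_driver {
    int (*probe)(struct model_dev *);
    int (*remove)(struct model_dev *);   /* int return, as in the J/F backport */
};

static int model_probe(struct model_dev *d)  { d->resources_held = 3; return 0; }
static int model_remove(struct model_dev *d) { d->resources_held = 0; return 0; }

/* Assumed to mirror the kernel's __exit_p(): the pointer survives in a module
 * build and becomes NULL when the driver is built in (=y). */
#define MODEL_EXIT_P(fn, is_module) ((is_module) ? (fn) : NULL)

/* Unbind path: cleanup can only run if a callback is registered. */
static void model_unbind(const struct model_driver *drv, struct model_dev *d)
{
    if (drv->remove)
        drv->remove(d);
}

/* Returns how many resources are still held after probe followed by unbind. */
int leaked_after_unbind(int is_module, int strip_when_builtin)
{
    struct model_driver drv = { .probe = model_probe, .remove = model_remove };
    struct model_dev dev = { 0 };

    if (strip_when_builtin)
        drv.remove = MODEL_EXIT_P(model_remove, is_module);
    drv.probe(&dev);
    model_unbind(&drv, &dev);
    return dev.resources_held;
}

int main(void)
{
    printf("built-in, stripped:   %d leaked\n", leaked_after_unbind(0, 1));
    printf("module,   stripped:   %d leaked\n", leaked_after_unbind(1, 1));
    printf("built-in, unstripped: %d leaked\n", leaked_after_unbind(0, 0));
    return 0;
}
```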