James,

> Studying the issue further, I think we have to do the rebase. The
> problem is that any driver which hasn't been updated can be persuaded
> to walk off the end of the request and dereference the next struct
> request. It's not impossible for userspace to set up both requests,
> so it looks like this could be used at least to leak information from
> the kernel if not exploit it outright. I think that means we have to
> have every driver updated before this goes in.

I agree in theory. Although, regardless of ordering of the commits, this
would still be a single pull request for 5.3. So it's not like there
would be a kernel release with this flaw exposed. Assuming all drivers
get fixed.

Hence my concerns about breaking bisection. Not in terms of being able
to build, but in terms of being able to test intermediate commits on
systems with the affected drivers.

Ming: Please audit all drivers, including ones that live outside of
drivers/scsi but which use the midlayer such as s390, USB, libata, etc.
Just to make sure we've got all of them covered.

And then I think I'm inclined to reorder the 5.3 queue.

--
Martin K. Petersen
Oracle Linux Engineering