On Sat, May 27, 2023 at 10:42:00PM +0200, Ben Hutchings wrote: > I'm proposing to address the most obvious issues with dpt_i2o on stable > branches. At this stage it may be better to remove it as has been done > upstream, but I'd rather limit the regression for anyone still using > the hardware. > > The changes are: > > - "scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)", > which closes security flaws including CVE-2023-2007. > - "scsi: dpt_i2o: Do not process completions with invalid addresses", > which removes the remaining bus_to_virt() call and may slightly > improve handling of misbehaving hardware. > > These changes have been compiled on all the relevant stable branches, > but I don't have hardware to test on. All now queued up, thanks. greg k-h
