On Wed, Dec 13, 2023 at 10:28:53PM -0500, Paul Gortmaker wrote:
[Re: [PATCH 0/1] RFC: linux-5.15.y ksmbd backport for CVE-2023-38431] On 13/12/2023 (Wed 15:34) Greg KH wrote:
On Tue, Dec 12, 2023 at 03:45:55PM -0500, Paul Gortmaker wrote:
[Re: [PATCH 0/1] RFC: linux-5.15.y ksmbd backport for CVE-2023-38431] On 12/12/2023 (Tue 21:04) Greg KH wrote:
On Tue, Dec 12, 2023 at 01:47:44PM -0500, paul.gortmaker@windriver.com wrote:
From: Paul Gortmaker paul.gortmaker@windriver.com
This is a bit long, but I've never touched this code and all I can do is compile test it. So the below basically represents a capture of my thought process in fixing this for the v5.15.y-stable branch.
Nice work, but really, given that there are _SO_ many ksmb patches that have NOT been backported to 5.15.y, I would strongly recommend that we just mark the thing as depending on BROKEN there for now as your one
I'd be 100% fine with that. Can't speak for anyone else though.
backport here is not going to make a dent in the fixes that need to be applied there to resolve the known issues that the codebase currently has resolved in newer kernels.
Do you use this codebase on 5.15.y? What drove you to want to backport
I don't use it, and I don't know of anyone who does.
Then why are you all backporting stuff for it?
Firstly, you've cut the context where I already explained that I did it because others said it couldn't be done. Of all people, I am sure you can respect that.
Sure, I saw that, but I didn't understand why someone was doing it in the first place.
The Yocto Project still offers v5.15 as an option, and whenever I can, I help out to advance the Yocto Project as time permits. Ask Richard.
As an option, but is it recommended and does anyone actually use it there? Does yocto systems expect to use this kernel option for the 5.15 kernel?
If no one steps up, I'll just mark the thing as broken, it is _so_ far behind in patches that it's just sad.
Again, in this case - I have no problem with that - but as a note of record -- whenever linux-stable removes a Kconfig, either explicitly or by a depends on BROKEN - it does trigger fallout for some people.
In what way? Just having to update default config options?
The Yocto/OE does an audit on the Kconfig output looking for options that were explicitly set (or un-set) by the user, or by base templates. If they don't land in the final .config file -- it lets you know.
So defconfig type checks?
thanks,
greg k-h