On Wed, Oct 02, 2024 at 09:26:46AM -0600, Jens Axboe wrote:
On 10/2/24 9:05 AM, Vegard Nossum wrote:
Christophe JAILLET (1): null_blk: Remove usage of the deprecated ida_simple_xx() API
It makes cherry-picking the next commit slightly easier. There is still some conflict resolution necessary so it doesn't help very much. Could we annotate these with a Stable-dep-of: tag otherwise we get a lot of questions like this.
Also when we backport patches from 6.6.y to 6.1.y then we can drop any unnecessary Stable-dep-of patches.
Yu Kuai (1): null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
I don't see how either of these are CVEs? Obviously not a problem to backport either of them to stable, but I wonder what the reasoning for that is. IOW, feels like those CVEs are bogus, which I guess is hardly surprising :-)
The definition of CVE includes NULL dereferences so that's automatic.
regards, dan carpenter