dpt_i2o fixes for stable

27 May 2023


      I'm proposing to address the most obvious issues with dpt_i2o on stable
branches.  At this stage it may be better to remove it as has been done
upstream, but I'd rather limit the regression for anyone still using
the hardware.
The changes are:
- "scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)",
  which closes security flaws including CVE-2023-2007.
- "scsi: dpt_i2o: Do not process completions with invalid addresses",
  which removes the remaining bus_to_virt() call and may slightly
  improve handling of misbehaving hardware.
These changes have been compiled on all the relevant stable branches,
but I don't have hardware to test on.
Ben.
-- 
Ben Hutchings - Debian developer, member of kernel, installer and LTS
teams

2025

2024

2023

2022

2021

2020

2019

2018

2017

dpt_i2o fixes for stable