From: Laszlo Ersek
To: "Wu, Hao A", "Gao, Liming", "edk2-devel@lists.01.org"
Cc: "Zeng, Star"
Date: Wed, 27 Feb 2019 09:58:23 +0100
Subject: Re: [PATCH v2 0/2] MdeModulePkg: Resolve buffer cross boundary access in Ramdisk
Message-ID: <879920cf-8edd-575a-cb60-efe1cbd62cda@redhat.com>
References: <20190226074557.11048-1-hao.a.wu@intel.com>

On 02/27/19 07:56, Wu, Hao A wrote:
>> -----Original Message-----
>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>> Laszlo Ersek
>> Sent: Tuesday, February 26, 2019 7:45 PM
>> To: Wu, Hao A; edk2-devel@lists.01.org
>> Cc: Zeng, Star
>> Subject: Re: [edk2] [PATCH v2 0/2] MdeModulePkg: Resolve buffer cross
>> boundary access in Ramdisk
>>
>> On 02/26/19 08:45, Hao Wu wrote:
>>> V2 changes:
>>>
>>> Correct CC list information.
>>>
>>>
>>> V1 history:
>>>
>>> The series will resolve a buffer cross boundary access issue during the
>>> use of RAM disks. It is the mitigation for issue CVE-2018-12180.
>>>
>>> Cc: Jian J Wang
>>> Cc: Ray Ni
>>> Cc: Star Zeng
>>>
>>> Hao Wu (2):
>>>   MdeModulePkg/PartitionDxe: Ensure blocksize can hold MBR (CVE FIX)
>>>   MdeModulePkg/RamDiskDxe: Ramdisk size be multiple of BlkSize (CVE FIX)
>>>
>>>  MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.h     |  6 +++---
>>>  MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c           |  9 ++++++++-
>>>  MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c           |  9 ++++++++-
>>>  MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskBlockIo.c  | 20 ++++++++++++++------
>>>  MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c |  5 +++--
>>>  5 files changed, 36 insertions(+), 13 deletions(-)
>>>
>>
>> Please put the exact CVE numbers in the subject lines.
>
> Hello Laszlo and Liming,
>
> I totally agree the commit subject line should include the CVE number.
> But I have one feedback that, if the commit is for a CVE fix, is it
> possible to exempt the commit subject from 71 characters limit?

In my opinion, that is absolutely the case.

> I found it can be hard to summarize the commit with the Package/Module plus
> the CVE number information.

I agree, it is hard. But, IMO, in this case, the precise CVE reference
takes priority.

Thanks
Laszlo