Re: [PATCH] pcmcia: synclink_cs: Fix use-after-free in mgslpc_ioctl()

[Harald Welte]

Hi Arnd,

On Thu, Sep 15, 2022 at 09:35:51AM +0200, Arnd Bergmann wrote:
> There is a good chance that we can remove both now, along with the
> synclink_cs. The scr24x driver is from 2016, but of course the
> hardware is much older. The cm4040/cm4000 drivers are from 2005.
> My guess is that the hardware still exists in actively used systems,
> but none of them get upgraded to modern kernels any more.

It is probably true.  But the same argument can be made about all of the
PCMCIA drivers.  It's been a long time since any new mass-market hardware
with PCMCIA slots has been produced.  Even if you count in the (non-express)
cardbus, the same argument holds true.

I personally haven't used any of those cm4000/cm4040 in ages.  But what
particularly the last decade of my professional career has taught me:
There are typically always more users of legacy tech out there than you
would imagine.  The question is whether those users are relevant enough
for today's kernel maintainers to care.  This isn't meant to sound
bitter - I'm just stating facts.  It can be a valid "developer resource
economic" decision to not care.

Regards,
	Harald

-- 
- Harald Welte <laforge@xxxxxxxxxxxx>           http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)