| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Mar 2016 13:04:06 +0000 From: bugzilla-daemon@...zilla.kernel.org To: linux-ext4@...r.kernel.org Subject: [Bug 102731] I have a cough. https://bugzilla.kernel.org/show_bug.cgi?id=102731 --- Comment #43 from Theodore Tso <tytso@....edu> --- Vaclav, I want to really, really thank you for doing the bisect. Looking at the testing procedure you used for the git bisect here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818502 I'm quite confident you've found the commit that needs to be backported into the Debian 3.16 kernel. Given that the commit was added in 3.17, it should be fairly easy to backport it into the Debian kernel. It's really too bad this commit hadn't been marked with a cc:stable@...r.kernel.org tag, but to be fair I've sometimes made this mistake, either out of sheer forgetfulness or because I didn't recognize the seriousness of the bugs that a commit could address. To be fair to the KVM maintainers, the commit description doesn't really list the potential impacts of the bug it was fixing. Also with 20-20 hindsight, it's perhaps unfortunate that during this time period there is a real divergence[1] of kernels that were used by distributions. So a bug that would only show up on certain generations of Intel chipsets, and only when used in virtualization as a host, is precisely the sort of bug that it is not likely to be noticed until it goes into enterprise-wide deployment --- and so the fact that other distributions didn't standardize on a single kernel in this time period (and Debian standardized on the oldest kernel in this rough time period, 3.16, and the bug in question was fixed in 3.17) meant that it's not all that surprising that this slipped through. And while it would have been more convenient if Debian had been willing to switch over to a 3.18 based stable series, it wasn't compatible with their release schedule. [1] Ubuntu 14.04 LTS stayed on 3.16 for only 18 months before moving to 3.19; Fedora 20 was on 3.11, and Fedora 21 jumped to 3.17, etc. Vaclav, thanks again for finding a simple/easy repro, and then bisecting until you found the commit that is needed for the 3.16 debian kernel! -- You are receiving this mail because: You are watching the assignee of the bug. -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists