lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 6 Nov 2012 08:17:51 -0500
From:	Theodore Ts'o <tytso@....edu>
To:	Carlos Carvalho <carlos@...ica.ufpr.br>
Cc:	linux-ext4@...r.kernel.org
Subject: Re: why has "fix ext4_ext_remove_space tree traversal" not been
 applied?

On Tue, Nov 06, 2012 at 10:04:49AM -0200, Carlos Carvalho wrote:
> In 3.6.6 some of the patches of the series "Bunch of DIO/AIO fixes V4"
> by Dmitry Monakhov have been applied but not all. In particular, patch
> 9, "fix ext4_ext_remove_space tree traversal" is not there. We're
> getting hit by the null pointer dereference in our main file servers.
> 
> What's the situation of this patch? Any reason it's not applied?

Patches which which change a large amount of code don't get the
cc:stable@...r.kernel.org label applied to them, primarily because of
the risk involved and the likelihood that those patches won't easily
get backported to the older stable kernels.

Keep in mind that the way things work is that patches that are tagged
for the stable kernel tree automatically get cherry-picked, and if the
cherry-pick fails, the patch is dropped.  For a complex patch series,
sometimes dropping a patch in the middle of the patch series can lead
to really bad results --- and while I do extensive regression testing
on the mainline kernel before I send a PULL request to Linus, I just
don't have the time or energy to do this with the (many) stable
kernels series.

Enterprise distro's have paid people who do this thankless job, and it
can be quite painful at times to support an old stable kernel,
especially when users are using it in production and they will scream
bloody murder if you introduce a regression.  So they generally solve
the problem by not sticking with a very old patch, and not giving
users access to the latest and greatest features --- such as
the punch hole feature.

The problem is that users want the latest and greatest features, right
away, but they also want something is absolutely stable and
bug-free(tm).  Unfortunately, sometimes both wants can not be
accomodated...

					- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ