lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bug-102731-13602-PkMyMrx761@https.bugzilla.kernel.org/>
Date:	Mon, 21 Mar 2016 13:04:06 +0000
From:	bugzilla-daemon@...zilla.kernel.org
To:	linux-ext4@...r.kernel.org
Subject: [Bug 102731] I have a cough.

https://bugzilla.kernel.org/show_bug.cgi?id=102731

--- Comment #43 from Theodore Tso <tytso@....edu> ---
Vaclav, I want to really, really thank you for doing the bisect.   Looking at
the testing procedure you used for the git bisect here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818502

I'm quite confident you've found the commit that needs to be backported into
the Debian 3.16 kernel.  Given that the commit was added in 3.17, it should be
fairly easy to backport it into the Debian kernel.

It's really too bad this commit hadn't been marked with a
cc:stable@...r.kernel.org tag, but to be fair I've sometimes made this mistake,
either out of sheer forgetfulness or because I didn't recognize the seriousness
of the bugs that a commit could address.   To be fair to the KVM maintainers,
the commit description doesn't really list the potential impacts of the bug it
was fixing.

Also with 20-20 hindsight, it's perhaps unfortunate that during this time
period there is a real divergence[1] of kernels that were used by
distributions.  So a bug that would only show up on certain generations of
Intel chipsets, and only when used in virtualization as a host, is precisely
the sort of bug that it is not likely to be noticed until it goes into
enterprise-wide deployment --- and so the fact that other distributions didn't
standardize on a single kernel in this time period (and Debian standardized on
the oldest kernel in this rough time period, 3.16, and the bug in question was
fixed in 3.17) meant that it's not all that surprising that this slipped
through.   And while it would have been more convenient if Debian had been
willing to switch over to a 3.18 based stable series, it wasn't compatible with
their release schedule.

[1] Ubuntu 14.04 LTS stayed on 3.16 for only 18 months before moving to 3.19; 
Fedora 20 was on 3.11, and Fedora 21 jumped to 3.17, etc.

Vaclav, thanks again for finding a simple/easy repro, and then bisecting until
you found the commit that is needed for the 3.16 debian kernel!

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ