Message-ID: <20130522143019.GA18541@mtj.dyndns.org>
Date:	Wed, 22 May 2013 23:30:19 +0900
From:	Tejun Heo <tj@...nel.org>
To:	Paolo Bonzini <pbonzini@...hat.com>
Cc:	"James E.J. Bottomley" <JBottomley@...allels.com>,
	Jens Axboe <axboe@...nel.dk>, linux-kernel@...r.kernel.org,
	linux-scsi@...r.kernel.org
Subject: Re: PING^7 (was Re: [PATCH v2 00/14] Corrections and customization
 of the SG_IO command whitelist (CVE-2012-4542))

On Wed, May 22, 2013 at 04:12:04PM +0200, Paolo Bonzini wrote:
> Il 22/05/2013 15:41, Tejun Heo ha scritto:
> > On Wed, May 22, 2013 at 12:23:56PM +0200, Paolo Bonzini wrote:
> >> Yes, because I have no idea what _your_ point is.
> > 
> > Isolate the actual fixes and just submit them as it seems impossible
> > for you to provide proper justifications for the things you want to
> > add.
> 
> Quoting myself on January 26, 2013: "The vast majority of the commands
> are added because Linux itself is using them".

See, this is exactly what I've been talking about.  Reviewing or
raising points is almost useless.  Gees, why did I start this again?
Why the hell aren't my points clear yet after so many exchanges on the
exact same frigging subject?  Stop repeating yourself and try to
understand the review points for once.

* Separate fixes from additions.  Transform existing code so that the
  visible behavior doesn't change but the required fix can be
  implemented on top.  Explicitly note what's going on in the commit
  messages.

* Fix the frigging CVE bug that you've been waving around and do
  *just* that.

* Add the frigging "count me out" feature that you want for your use
  case.  It isn't controversial and is what you need and the
  maintainer can apply to the point where [s]he thinks acceptable.

* If for whatever reason you have to add more command codes to the
  exception table, do them with explicit justifications.  How the hell is
  "the vast majority of the commands are added because Linux itself is
  using them" a proper justification?  How are they used for what
  reason and why is adding them beneficial?  How many times have I
  asked you to give at least some useful use cases?  And WTF is "vast
  majority", what about others then?  Why do you need this at all if
  you have the "count me out" knob in the first place?  You first
  built that command list by scanning the spec and just adding the
  commands that seemed "right" to you.  I have near-zero confidence in
  your perception of the relationship between the specs and actual
  world.

So, stop quoting and repeating yourself.  You're overdoing yourself on
that department already.  Try to listen and understand for a change.

-- 
tejun