lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <94c6f903-7dca-503e-aca7-1ee4641bcdac@redhat.com>
Date:   Thu, 12 Mar 2020 15:38:22 +0100
From:   Hans de Goede <hdegoede@...hat.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Arvind Sankar <nivedita@...m.mit.edu>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H . Peter Anvin" <hpa@...or.com>, x86@...nel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 2/2] x86/purgatory: Make sure we fail the build if
 purgatory.ro has missing symbols

Hi,

On 3/12/20 3:25 PM, Borislav Petkov wrote:
> On Thu, Mar 12, 2020 at 02:34:30PM +0100, Hans de Goede wrote:

<snip>

>> No not ok, I'm doing my best to help make things better here and
>> in return I'm getting what feels as a bunch of negativity and that
>> is NOT ok!
> 
> I have no clue what in my replies made you feel that. Please explain.
> How should I have replied so that it doesn't come across negative?

I posted v3 of this patch 5 months ago, then after 0day bot found
an issue after the resend I send a v4 honestly believing that that
was the only issue with it.

0day bot found another issue, so I send out v5, checking what special
options similar code (EFI libstub) uses to make sure I cover all special
cases this time.

So I've send out 2 versions, not 5 not 10, but only 2 versions in
the past 2 days and you start complaining about me rushing this and
not fixing it properly, to me that does not come across positive.

More specifically my intentions / motives on this were well intended
and I too believe in fixing things the proper way. Your reply suggested
that I just want to rush this through, which calls my motives into
question, for which in my mind there was no reason.

If you complain about 2 versions in 2 days, or 5 versions over 5 months
then that feels exaggerated and it certainly does not give me a feeling
that the effort which I'm putting into this is being appreciated.

Anyways we have a plan how to move forward with this now, so lets
focus on that.

>> Now as how to move forward with this, I suggest that:
>>
>> 1) We wait a bit to see if the 0daybot finds any more existing issues
>> which are exposed by my patch
>>
>> 2) Change my patch to check for missing symbols to use the approach
>> which Arvind has suggested
>>
>> 3) Check that "kexec -l <kernel>" + "kexec -e" still work
>>
>> 4) Post v6.
> 
> 5) Wait for 0day bot to chew on it too.
> 
>> Does that work for you ?
> 
> Yes, sounds ok.

Ok, then lets move forward with this.

Regards,

Hans

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ