lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 23 Apr 2021 16:19:57 -0300
From:   Jason Gunthorpe <jgg@...dia.com>
To:     Theodore Ts'o <tytso@....edu>
Cc:     Doug Ledford <dledford@...hat.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Aditya Pakki <pakki001@....edu>, Kangjie Lu <kjlu@....edu>,
        Qiushi Wu <wu000273@....edu>, x86@...nel.org,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        "Rafael J. Wysocki" <rjw@...ysocki.net>,
        Arnd Bergmann <arnd@...db.de>, David Airlie <airlied@...ux.ie>,
        Michael Turquette <mturquette@...libre.com>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Linus Walleij <linus.walleij@...aro.org>,
        Bartosz Golaszewski <bgolaszewski@...libre.com>,
        Daniel Vetter <daniel@...ll.ch>,
        Jean Delvare <jdelvare@...e.com>,
        Guenter Roeck <linux@...ck-us.net>,
        Jiri Kosina <jikos@...nel.org>, Will Deacon <will@...nel.org>,
        Laurent Pinchart <laurent.pinchart@...asonboard.com>,
        Jakub Kicinski <kuba@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Johan Hovold <johan@...nel.org>,
        Jiri Slaby <jirislaby@...nel.org>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        Johannes Berg <johannes@...solutions.net>,
        Takashi Iwai <tiwai@...e.com>
Subject: Re: [PATCH 000/190] Revertion of all of the umn.edu commits

On Thu, Apr 22, 2021 at 04:48:04PM -0400, Theodore Ts'o wrote:

> So you could consider doing an in-depth review of the patches sent
> from umn.edu to be a step towards doing more careful review.  Let's
> see what we learn from that analysis.

My take is this is "as expected" from people operating static
analyzers and other tools. At best they are good at pointing to
potential problems, but typicaly lack the kernel specific knowledge to
be fully relied on to make a fix independently. Further, it is very
rare that people doing this work would be able to test their patches.

At least I always check this stuff no matter who sends it.

Even well reputed people like Nick and Dan make errors and need their
work checked.

I'm interested to see the measured error rate of these 190 patches -
excluding the "not-useful but not wrong" determination.

Based on some Fixes: data mining I did recently it would be hard to
get excited below about 10% errors.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ