| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210423093042.GE6446@dell> Date: Fri, 23 Apr 2021 10:30:42 +0100 From: Lee Jones <lee.jones@...aro.org> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Cc: linux-kernel@...r.kernel.org, Kangjie Lu <kjlu@....edu> Subject: Re: [PATCH 165/190] Revert "mfd: mc13xxx: Fix a missing check of a register-read failure" On Wed, 21 Apr 2021, Greg Kroah-Hartman wrote: > This reverts commit 9e28989d41c0eab57ec0bb156617a8757406ff8a. > > Commits from @umn.edu addresses have been found to be submitted in "bad > faith" to try to test the kernel community's ability to review "known > malicious" changes. The result of these submissions can be found in a > paper published at the 42nd IEEE Symposium on Security and Privacy > entitled, "Open Source Insecurity: Stealthily Introducing > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University > of Minnesota) and Kangjie Lu (University of Minnesota). > > Because of this, all submissions from this group must be reverted from > the kernel tree and will need to be re-reviewed again to determine if > they actually are a valid fix. Until that work is complete, remove this > change to ensure that no problems are being introduced into the > codebase. > > Cc: Kangjie Lu <kjlu@....edu> > Cc: Lee Jones <lee.jones@...aro.org> > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> > --- > drivers/mfd/mc13xxx-core.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/drivers/mfd/mc13xxx-core.c b/drivers/mfd/mc13xxx-core.c > index 1abe7432aad8..b2beb7c39cc5 100644 > --- a/drivers/mfd/mc13xxx-core.c > +++ b/drivers/mfd/mc13xxx-core.c > @@ -271,9 +271,7 @@ int mc13xxx_adc_do_conversion(struct mc13xxx *mc13xxx, unsigned int mode, > > mc13xxx->adcflags |= MC13XXX_ADC_WORKING; > > - ret = mc13xxx_reg_read(mc13xxx, MC13XXX_ADC0, &old_adc0); > - if (ret) > - goto out; > + mc13xxx_reg_read(mc13xxx, MC13XXX_ADC0, &old_adc0); > > adc0 = MC13XXX_ADC0_ADINC1 | MC13XXX_ADC0_ADINC2 | > MC13XXX_ADC0_CHRGRAWDIV; Thanks for bringing this commit to my attention. The associated LWN article was an interesting read and I have to say, I was very disappointed to hear about the actions of these so called researchers. Upon re-review of the original commit, this one does appear valid. Do I need to conduct anymore due diligence or can I drop this patch? -- Lee Jones [李琼斯] Senior Technical Lead - Developer Services Linaro.org │ Open source software for Arm SoCs Follow Linaro: Facebook | Twitter | Blog
Powered by blists - more mailing lists