| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Apr 2021 18:54:49 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: Lee Jones <lee.jones@...aro.org> Cc: linux-kernel@...r.kernel.org, Kangjie Lu <kjlu@....edu> Subject: Re: [PATCH 165/190] Revert "mfd: mc13xxx: Fix a missing check of a register-read failure" On Fri, Apr 23, 2021 at 10:30:42AM +0100, Lee Jones wrote: > On Wed, 21 Apr 2021, Greg Kroah-Hartman wrote: > > > This reverts commit 9e28989d41c0eab57ec0bb156617a8757406ff8a. > > > > Commits from @umn.edu addresses have been found to be submitted in "bad > > faith" to try to test the kernel community's ability to review "known > > malicious" changes. The result of these submissions can be found in a > > paper published at the 42nd IEEE Symposium on Security and Privacy > > entitled, "Open Source Insecurity: Stealthily Introducing > > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University > > of Minnesota) and Kangjie Lu (University of Minnesota). > > > > Because of this, all submissions from this group must be reverted from > > the kernel tree and will need to be re-reviewed again to determine if > > they actually are a valid fix. Until that work is complete, remove this > > change to ensure that no problems are being introduced into the > > codebase. > > > > Cc: Kangjie Lu <kjlu@....edu> > > Cc: Lee Jones <lee.jones@...aro.org> > > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> > > --- > > drivers/mfd/mc13xxx-core.c | 4 +--- > > 1 file changed, 1 insertion(+), 3 deletions(-) > > > > diff --git a/drivers/mfd/mc13xxx-core.c b/drivers/mfd/mc13xxx-core.c > > index 1abe7432aad8..b2beb7c39cc5 100644 > > --- a/drivers/mfd/mc13xxx-core.c > > +++ b/drivers/mfd/mc13xxx-core.c > > @@ -271,9 +271,7 @@ int mc13xxx_adc_do_conversion(struct mc13xxx *mc13xxx, unsigned int mode, > > > > mc13xxx->adcflags |= MC13XXX_ADC_WORKING; > > > > - ret = mc13xxx_reg_read(mc13xxx, MC13XXX_ADC0, &old_adc0); > > - if (ret) > > - goto out; > > + mc13xxx_reg_read(mc13xxx, MC13XXX_ADC0, &old_adc0); > > > > adc0 = MC13XXX_ADC0_ADINC1 | MC13XXX_ADC0_ADINC2 | > > MC13XXX_ADC0_CHRGRAWDIV; > > Thanks for bringing this commit to my attention. > > The associated LWN article was an interesting read and I have to say, > I was very disappointed to hear about the actions of these so called > researchers. > > Upon re-review of the original commit, this one does appear valid. > > Do I need to conduct anymore due diligence or can I drop this patch? I've dropped this revert from my tree now, thanks. greg k-h
Powered by blists - more mailing lists