lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YIbwWfVJLm5LEUw1@kroah.com>
Date:   Mon, 26 Apr 2021 18:54:49 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Lee Jones <lee.jones@...aro.org>
Cc:     linux-kernel@...r.kernel.org, Kangjie Lu <kjlu@....edu>
Subject: Re: [PATCH 165/190] Revert "mfd: mc13xxx: Fix a missing check of a
 register-read failure"

On Fri, Apr 23, 2021 at 10:30:42AM +0100, Lee Jones wrote:
> On Wed, 21 Apr 2021, Greg Kroah-Hartman wrote:
> 
> > This reverts commit 9e28989d41c0eab57ec0bb156617a8757406ff8a.
> > 
> > Commits from @umn.edu addresses have been found to be submitted in "bad
> > faith" to try to test the kernel community's ability to review "known
> > malicious" changes.  The result of these submissions can be found in a
> > paper published at the 42nd IEEE Symposium on Security and Privacy
> > entitled, "Open Source Insecurity: Stealthily Introducing
> > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> > of Minnesota) and Kangjie Lu (University of Minnesota).
> > 
> > Because of this, all submissions from this group must be reverted from
> > the kernel tree and will need to be re-reviewed again to determine if
> > they actually are a valid fix.  Until that work is complete, remove this
> > change to ensure that no problems are being introduced into the
> > codebase.
> > 
> > Cc: Kangjie Lu <kjlu@....edu>
> > Cc: Lee Jones <lee.jones@...aro.org>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > ---
> >  drivers/mfd/mc13xxx-core.c | 4 +---
> >  1 file changed, 1 insertion(+), 3 deletions(-)
> > 
> > diff --git a/drivers/mfd/mc13xxx-core.c b/drivers/mfd/mc13xxx-core.c
> > index 1abe7432aad8..b2beb7c39cc5 100644
> > --- a/drivers/mfd/mc13xxx-core.c
> > +++ b/drivers/mfd/mc13xxx-core.c
> > @@ -271,9 +271,7 @@ int mc13xxx_adc_do_conversion(struct mc13xxx *mc13xxx, unsigned int mode,
> >  
> >  	mc13xxx->adcflags |= MC13XXX_ADC_WORKING;
> >  
> > -	ret = mc13xxx_reg_read(mc13xxx, MC13XXX_ADC0, &old_adc0);
> > -	if (ret)
> > -		goto out;
> > +	mc13xxx_reg_read(mc13xxx, MC13XXX_ADC0, &old_adc0);
> >  
> >  	adc0 = MC13XXX_ADC0_ADINC1 | MC13XXX_ADC0_ADINC2 |
> >  	       MC13XXX_ADC0_CHRGRAWDIV;
> 
> Thanks for bringing this commit to my attention.
> 
> The associated LWN article was an interesting read and I have to say,
> I was very disappointed to hear about the actions of these so called
> researchers.
> 
> Upon re-review of the original commit, this one does appear valid.
> 
> Do I need to conduct anymore due diligence or can I drop this patch?

I've dropped this revert from my tree now, thanks.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ