lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 12 Sep 2021 12:44:20 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Greg KH <gregkh@...uxfoundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Arnd Bergmann <arnd@...db.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] Misc driver fix for 5.15-rc1

On Sun, Sep 12, 2021 at 12:22:39PM -0700, Linus Torvalds wrote:
> On Sun, Sep 12, 2021 at 12:17 PM Kees Cook <keescook@...omium.org> wrote:
> >
> > This was done to deal with the various mangling of reports (i.e.
> > "summaries") I've been getting from CI systems that run LKDTM.
> 
> .. and what makes LKDTM so special?
> 
> IOW, what about ALL THE OTHER REPORTS?

I'm not sure I consider it "special", but since it reports hints about the
build/test configuration combinations (i.e. "this test failed probably
because CONFIG_FOO is missing"), it seemed trivial to also include the
specifics of the version and arch.

> And no, my argument is most definitely not "ok, everything should do this".

Right, I completely understand that. If you really want it gone, I
will rip it out; it'll just make it more time consuming to analyze some
CI reports.

> It's the reverse. The CI systems should be the ones that are fixed,
> not random messages from random places in the kernel have version
> information added.

Completely agreed, and I've been _also_ been spending my time sending
patches[1] to CI tooling too, trying to solve this from both sides. But
not all CIs have the source for their machinery open for patching. :(

-Kees

[1] https://github.com/Linaro/test-definitions/commit/8bd338bbcfa5a03efcf1d12e25b5d341d5a29cbc

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ