Message-ID: <c88ea08c-a9d5-ef6a-333a-db9e00c6da6f@suse.com>
Date:   Sun, 14 Aug 2022 10:08:47 +0200
From:   Juergen Gross <jgross@...e.com>
To:     Chuck Zmudzinski <brchuckz@...scape.net>,
        Thorsten Leemhuis <regressions@...mhuis.info>
Cc:     jbeulich@...e.com, Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        Pavel Machek <pavel@....cz>, Andy Lutomirski <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        regressions@...ts.linux.dev, xen-devel@...ts.xenproject.org,
        x86@...nel.org, linux-kernel@...r.kernel.org,
        linux-pm@...r.kernel.org
Subject: Re: [PATCH 0/3] x86: make pat and mtrr independent from each other

On 14.08.22 09:42, Chuck Zmudzinski wrote:
> On 8/13/2022 12:56 PM, Chuck Zmudzinski wrote:
>> On 7/17/22 3:55 AM, Thorsten Leemhuis wrote:
>>> Hi Juergen!
>>>
>>> On 15.07.22 16:25, Juergen Gross wrote: ...
>>
>> Hi Thorsten,
>>
>> This appears stalled again and we are now over three months
>> from the first report of the regression. The only excuse for
>> ignoring your comments, and other comments on the patches
>> in this patch series for this long a time is that the patch series
>> for some reason cannot be considered a true regression. If this is a
>> regression, then, IMHO, this needs to have a higher priority by the
>> maintainers, or the maintainers need to explain why this regression
>> cannot be fixed in a more timely manner. But continued silence
>> by the maintainers is unacceptable, IMHO. This is especially true
>> in this case when multiple fixes for the regression have been
>> identified and the maintainers have not yet clearly explained why
>> at least a fix, even if temporary, cannot be applied immediately
>> while we wait for a more comprehensive fix.
>>
>> At the very least, I would expect Juergen to reply here and say that
>> he is delayed but does plan to spin up an updated version and include
>> the necessary links in the new version to facilitate your tracking of
>> the regression. Why the silence from Juergen here?
> 
> This is a fairly long message but I think what I need to say
> here is important for the future success of Linux and open
> source software, so here goes....
> 
> Update: I accept Boris Petkov's response to me yesterday as reasonable
> and acceptable if within two weeks he at least explains on the public
> mailing lists how he and Juergen have privately agreed to fix this regression
> "soon" if he does not actually fix the regression by then with a commit,
> patch set, or merge. The two-week time frame is from here:
> 
> https://www.kernel.org/doc/html/latest/process/handling-regressions.html
> 
> where developers and maintainers are exhorted as follows: "Try to fix
> regressions quickly once the culprit has been identified; fixes for most
> regressions should be merged within two weeks, but some need to be
> resolved within two or three days."

And some more citations from the same document:

"Prioritize work on handling regression reports and fixing regression over all
other Linux kernel work, unless the latter concerns acute security issues or
bugs causing data loss or damage."

First thing to note here: "over all Linux kernel work". I'm not only working
on the kernel, but I have other responsibilities e.g. in the Xen community,
where I was sending patches for fixing a regression and where I'm quite busy
doing security related work. Apart from that I'm of course responsible to
handle SUSE customers' bug reports at a rather high priority. So please stop
accusing me to ignore the responses to these patches. This is just not really
motivating me to continue interacting with you.

"Always consider reverting the culprit commits and reapplying them later
together with necessary fixes, as this might be the least dangerous and quickest
way to fix a regression."

I didn't introduce the regression, nor was it introduced in my area of
maintainership. It just happened to hit Xen. So I stepped up after Jan's patches
were not deemed to be the way to go, and I wrote the patches in spite of me
having other urgent work to do. In case you are feeling so strong about the fix
of the regression, why don't you ask for the patch introducing it to be reverted
instead? Accusing me and Boris is not acceptable at all!

> I also think there is a private agreement between Juergen and Boris to
> fix this regression because AFAICT there is no evidence in the public
> mailing lists that such an agreement has been reached, yet Boris yesterday
> told me on the public mailing lists in this thread to be "patient" and that
> "we will fix this soon." Unless I am missing something, and I hope I am,
> the only way that a fix could be coming "soon" would be to presume
> that Juergen and Boris have agreed to a fix for the regression in private.
> 
> However, AFAICT, keeping their solution private would be a violation of
> netiquette as described here:
> 
> https://people.kernel.org/tglx/notes-about-netiquette
> 
> where a whole section is devoted to the importance of keeping the
> discussion of changes to the kernel in public, with private discussions
> being a violation of the netiquette that governs the discussions that
> take place between persons interested in the Linux kernel project and
> other open source projects.

Another uncalled for attack.

After sending the patches I just told Boris via IRC that I wouldn't react
to any responses soon, as I was about to start my vacation. This was just a
hint for him, as he was rather busy at that time handling kernel security
issues.

I won't comment on the rest of your absolutely unacceptable accusations.

I will continue with the patches as soon as I find time to do so.


Juergen
