lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 7 Nov 2022 08:16:05 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Aaron Lu <aaron.lu@...el.com>
Cc:     Dave Hansen <dave.hansen@...el.com>,
        Tony Luck <tony.luck@...el.com>,
        "Yin, Fengwei" <fengwei.yin@...el.com>,
        "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        "Huang, Ying" <ying.huang@...el.com>,
        linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v2] selftest/x86/meltdown: Add a selftest for meltdown

On Mon, Nov 07, 2022 at 10:28:13AM +0800, Aaron Lu wrote:
> Hi Greg,
> 
> Thanks for taking a look.
> 
> On Sun, Nov 06, 2022 at 12:27:12PM +0100, Greg KH wrote:
> > On Sun, Nov 06, 2022 at 06:19:39PM +0800, Aaron Lu wrote:
> > > To capture potential programming errors like mistakenly setting Global
> > > bit on kernel page table entries, a selftest for meltdown is added.
> > > 
> > > This selftest is based on https://github.com/IAIK/meltdown. What this
> > > test does is to firstly set a predefined string at a random user address
> > > and then with pagemap, get the physical address of this string. Finally,
> > > try to fetch the data using kernel's directmap address for this physical
> > > address to see if user space can use kernel's page table.
> > 
> > As this is based on someone else's code, what happened to the proper
> > credit for them as the author and copyright owner?
> 
> Should I list the contributors in the patch header comment section?
> Something like this:
> 
> The original code is contributed by:
> $ git shortlog -sne --all
>     24  Michael Schwarz <michael.schwarz91@...il.com>
>     23  Michael Schwarz <michael.schwarz@...dent.tugraz.at>
>      9  Pavel Boldin <boldin.pavel@...il.com>
>      6  Daniel Gruss <lava@...ss.cc>
>      3  Daniel Gruss <daniel.gruss@...k.tugraz.at>
>      3  Jared Deckard <jdeckard@...ityins.net>
>      3  Moritz Lipp <github@....me>
>      2  Matteo Croce <mcroce@...hat.com>
>      2  Raphael Carvalho <raphael.scarv@...il.com>
>      2  asgh <asgh@...rs.noreply.github.com>
>      1  Eduardo Marques <eduardorbmarques@...il.com>
>      1  Egor Vorontsov <sdoregor@...re.me>
>      1  Jakub Wilk <jwilk@...lk.net>
>      1  Jason Davies <jason@...ondavies.com>
>      1  Lukasz Gryglicki <lukaszgryglicki@...pl>
>      1  Michael Schwarz <michael.schwarz@...k.tugraz.at>
>      1  Raphael S. Carvalho <raphaelsc@...lladb.com>
>      1  Steven <steven@...iously.com>
>      1  Vamsi Krishna <vamsi3@...look.com>
>      1  pierwill <19642016+pierwill@...rs.noreply.github.com>
>      1  ysiyer <yegnesh.s.iyer@...el.com>
> 
> As for copyright, the only copyright I can find in the referenced repo
> is in the LICENSE file and it is: Copyright (c) 2018 meltdown, I'm not
> sure if I'm allowed to add copyright statement for others.

Again, please work with your lawyers so that they can give you the
correct legal advice, one that they are comfortable having a patch with
a signed-off-by from an Intel employee to have.

So next time you submit this, please have an Intel lawyer on the
signed-off-by chain so that we know it is meeting their rules.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ