lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230312190328.GL860405@mit.edu>
Date:   Sun, 12 Mar 2023 15:03:28 -0400
From:   "Theodore Ts'o" <tytso@....edu>
To:     Sasha Levin <sashal@...nel.org>
Cc:     James Bottomley <James.Bottomley@...senpartnership.com>,
        Eric Biggers <ebiggers@...nel.org>,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org
Subject: Re: AUTOSEL process

On Sat, Mar 11, 2023 at 01:07:09PM -0500, Sasha Levin wrote:
> > I think the one thing everyone on this thread might agree on is that
> > this bug wouldn't have happened if AUTOSEL could detect and backport
> > series instead of individual patches.  Sasha says that can't be done
> > based on in information in Linus' tree[1] which is true but not a
> > correct statement of the problem.  The correct question is given all
> > the information available, including lore, could we assist AUTOSEL in
> > better detecting series and possibly making better decisions generally?
> 
> My argument was that this type of issue is no AUTOSEL specific, and we
> saw it happening multiple times with stable tagged patches as well.

I suspect that it happens *less* with Greg's patches, since the people
who add (and it's almost always remove) the Cc: tags have the
dependency information fresh in their brains' caches, and are more
likely to correctly tag which patches should and shouldn't have Cc:
stable tags.

Now, if after I've carefully annotated a patch series, some with Cc:
stable tags, and some without, and AUTOSEL were to override my work
and take some extra patches, that I had deliberately not tagged with
Cc: stable, I can (and have) gotten mildly annoyed, but in general, it
means that something which probably shouldn't and didn't need to go
into an LTS kernel ended up going into an LTS kernel, and TBH, when
this has happened, I don't worry about it *too* much.  It probably has
made LTS less sstable when this happens, but it's generally not a
disaster.

In any case, I think the problem of missing dependencies when they are
in a patch series is *primarily* an AUTOSEL problem, and as I said,
probably can be fixed by using the information in lore.

I'll note that we can probably make the "was this part of the patch
series" work even better by encouraging contributors not to take
unrelated patches and put them unnecessarily into a patch series.  So
if I knew that the stable bots were taking patch series into account,
or were about to start taking advantage of this signal, I'd be happy
to push back on contributors to break up patch series that should be
glommed together.

						- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ