lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <8fdb21b6-5ea4-4be3-bfac-901ecd638897@amd.com>
Date: Wed, 4 Dec 2024 10:14:31 +0530
From: Raghavendra K T <raghavendra.kt@....com>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
 "Huang, Ying" <ying.huang@...ux.alibaba.com>
Cc: linux-kernel@...r.kernel.org, linux-cxl@...r.kernel.org, bharata@....com,
 Andrew Morton <akpm@...ux-foundation.org>,
 Dan Williams <dan.j.williams@...el.com>, David Hildenbrand
 <david@...hat.com>, Davidlohr Bueso <dave@...olabs.net>,
 Jonathan Cameron <jonathan.cameron@...wei.com>,
 Dave Jiang <dave.jiang@...el.com>,
 Alison Schofield <alison.schofield@...el.com>,
 Vishal Verma <vishal.l.verma@...el.com>, Ira Weiny <ira.weiny@...el.com>,
 Alistair Popple <apopple@...dia.com>, Bjorn Helgaas <bhelgaas@...gle.com>,
 Baoquan He <bhe@...hat.com>, ilpo.jarvinen@...ux.intel.com,
 Mika Westerberg <mika.westerberg@...ux.intel.com>,
 Fontenot Nathan <Nathan.Fontenot@....com>, Wei Huang <wei.huang2@....com>
Subject: Re: [RFC PATCH] resource: Fix CXL node not populated issue



On 12/4/2024 8:31 AM, Andy Shevchenko wrote:
> On Wed, Dec 04, 2024 at 10:07:16AM +0800, Huang, Ying wrote:
>> Andy Shevchenko <andriy.shevchenko@...ux.intel.com> writes:
>>> On Tue, Dec 03, 2024 at 02:26:52PM +0800, Huang, Ying wrote:
>>>> Raghavendra K T <raghavendra.kt@....com> writes:
> 
> ...
> 
>>>>> git bisect had led to below commit
>>>>> Fixes: b4afe4183ec7 ("resource: fix region_intersects() vs add_memory_driver_managed()")
>>>>
>>>> This breaks you case, sorry about that.  But this also fixed a real bug
>>>> too.  So, it's not appropriate just to revert it blindly.
>>>
>>> Linus was clear about this recently. Even if it fixes a bug, regression is
>>> still regression and might (*) lead to a revert.
>>> https://lwn.net/Articles/990599/
>>>
>>> (*) in general fixes are better than reverts, but depends on the timing in
>>>      the release cycle the revert may be the only option.
>>
>> I don't think that the timing is so tight that we should not work on
>> proper fix firstly.  I'm trying to work with the reporter on this.
> 
> I agree on this, please do.
> 
>> BTW, the commit b4afe4183ec7 ("resource: fix region_intersects() vs
>> add_memory_driver_managed()") fixed a security related bug.  The bug
>> weakened the protection to prevent users read/write system memory via
>> /dev/mem.  So, IMO, we need to be more careful about this.
> 
> My point was that the regression is obvious and it needs to be fixed.
> That's all. Revert is a last resort in this sense.
> 

I agree in general to both of your comment. (i.e. since this bisected
commit had security fix, we shall try to get better fix than a close to
revert).

  I am trying to work on this, but it is a bit slow on my side.


Thanks and Regards
- Raghu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ