lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 27 Sep 2021 18:13:25 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>
Cc:     Jakub Kicinski <kuba@...nel.org>,
        Samuel Ortiz <sameo@...ux.intel.com>,
        "David S. Miller" <davem@...emloft.net>,
        "John W. Linville" <linville@...driver.com>,
        netdev@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH net] nfc: avoid potential race condition

On Mon, Sep 27, 2021 at 04:58:45PM +0200, Krzysztof Kozlowski wrote:
> On 27/09/2021 16:26, Jakub Kicinski wrote:
> > On Mon, 27 Sep 2021 09:44:08 +0200 Krzysztof Kozlowski wrote:
> >> On 24/09/2021 22:14, Jakub Kicinski wrote:
> >>> On Fri, 24 Sep 2021 10:21:33 +0200 Krzysztof Kozlowski wrote:  
> >>>> Indeed. The code looks reasonable, though, so even if race is not really
> >>>> reproducible:
> >>>>
> >>>> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>  
> >>>
> >>> Would you mind making a call if this is net (which will mean stable) or
> >>> net-next material (without the Fixes tags) and reposting? Thanks! :)  
> >>
> >> Hi Jakub,
> >>
> >> Material is net-next. However I don't understand why it should be
> >> without "Fixes" in such case?
> >>
> >> The material going to current release (RC, so I understood: net), should
> >> fix only issues introduced in current merge window. Linus made it clear
> >> several times.
> > 
> > Oh, really? I've never heard about this rule, would you be able to dig
> > up references?
> 
> Not that easy to go through thousands of emails, but I'll try:
> 
> "One thing that does bother him is developers who send him fixes in the
> -rc2 or -rc3 time frame for things that never worked in the first place.
> If something never worked, then the fact that it doesn't work now is not
> a regression, so the fixes should just wait for the next merge window.
> Those fixes are, after all, essentially development work."
> https://lwn.net/Articles/705245/ 

Yes.  He's talking about fixes to new features which don't work at all.

I once discovered a module that had a bug in probe() and it had never
once been able to probe without crashing.  It had been in the kernel for
ten years.  The developer was like, "Yeah.  We knew it was crap and
wanted to delete it but that was before git and Linus lost the patch."

Anyway, this is a security bug (DoS at the minimum) so it should be
merged into net and set to stable.

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ