From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 059A6C433ED for ; Fri, 23 Apr 2021 07:10:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CABFE613F2 for ; Fri, 23 Apr 2021 07:10:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241026AbhDWHKs (ORCPT ); Fri, 23 Apr 2021 03:10:48 -0400 Received: from mail.kernel.org ([198.145.29.99]:56618 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229945AbhDWHKr (ORCPT ); Fri, 23 Apr 2021 03:10:47 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id B18B56121F; Fri, 23 Apr 2021 07:10:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1619161809; bh=FGIGAh/APMY+SEmREebL3RMzj4OUlwesmva8CiqfQGc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=SRHmRYzvcK+gneytIGbn4pYINisOaDPuQczzGn8P8CkZKCOIn4JHhrSHaRXt+PuSV naqMU7aGdGcbuRgtn1XzSm+NpXV8kJGD3EcZ13DLfOt55ZbSQSmboWrBBvT+p0fEwr qTeE8gZmUN4bkQI0wYXT71Iay1HizWwGv3IOA7oQ= Date: Fri, 23 Apr 2021 09:10:06 +0200 From: Greg Kroah-Hartman To: Krzysztof Kozlowski Cc: Doug Ledford , Jason Gunthorpe , linux-kernel@vger.kernel.org, Linus Torvalds , Aditya Pakki , Kangjie Lu , Qiushi Wu , x86@kernel.org, Bjorn Helgaas , "Rafael J. Wysocki" , Arnd Bergmann , David Airlie , Michael Turquette , Bjorn Andersson , Linus Walleij , Bartosz Golaszewski , Daniel Vetter , Jean Delvare , Guenter Roeck , Jiri Kosina , Will Deacon , Laurent Pinchart , Jakub Kicinski , "David S. Miller" , Johan Hovold , Jiri Slaby , Pablo Neira Ayuso , Johannes Berg , Takashi Iwai Subject: Re: [PATCH 000/190] Revertion of all of the umn.edu commits Message-ID: References: <20210421130105.1226686-1-gregkh@linuxfoundation.org> <20210421180155.GA2287172@nvidia.com> <18edc472a95f1d4efe3ef40cc9b8d2611d4ab990.camel@redhat.com> <6b19f57c-8d4f-ef3f-9792-f52900137522@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <6b19f57c-8d4f-ef3f-9792-f52900137522@kernel.org> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 23, 2021 at 09:01:26AM +0200, Krzysztof Kozlowski wrote: > On 22/04/2021 20:53, Doug Ledford wrote: > > On Wed, 2021-04-21 at 15:01 -0300, Jason Gunthorpe wrote: > >> On Wed, Apr 21, 2021 at 02:57:55PM +0200, Greg Kroah-Hartman wrote: > >>> I have been meaning to do this for a while, but recent events have > >>> finally forced me to do so. > >>> > >>> Commits from @umn.edu addresses have been found to be submitted in > >>> "bad > >>> faith" to try to test the kernel community's ability to review > >>> "known > >>> malicious" changes.  The result of these submissions can be found in > >>> a > >>> paper published at the 42nd IEEE Symposium on Security and Privacy > >>> entitled, "Open Source Insecurity: Stealthily Introducing > >>> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu > >>> (University > >>> of Minnesota) and Kangjie Lu (University of Minnesota). > >> > >> I noted in the paper it says: > >> > >>   A. Ethical Considerations > >> > >>   Ensuring the safety of the experiment. In the experiment, we aim to > >>   demonstrate the practicality of stealthily introducing > >> vulnerabilities > >>   through hypocrite commits. Our goal is not to introduce > >>   vulnerabilities to harm OSS. Therefore, we safely conduct the > >>   experiment to make sure that the introduced UAF bugs will not be > >>   merged into the actual Linux code > >> > >> So, this revert is based on not trusting the authors to carry out > >> their work in the manner they explained? > >> > >> From what I've reviewed, and general sentiment of other people's > >> reviews I've read, I am concerned this giant revert will degrade > >> kernel quality more than the experimenters did - especially if they > >> followed their stated methodology. > > > > I have to agree with Jason. This seems like trying to push a thumbtack > > into a bulletin board using a pyle driver. Unless the researchers are > > lying (which I've not seen a clear indication of), the 190 patches you > > have selected here are nothing more than collateral damage while you are > > completely missing the supposed patch submission addresses from which > > the malicious patches were sent! > > > > This all really sounds like a knee-jerk reaction to thier posting. I > > have to say, I think it's the wrong reaction to have. > > Nothing stops you from participating in the review of this > revert-series, if you think these are valuable commits. Patches getting > the review, won't be reverted (as I understood). You understand correctly :)