From: "J. Bruce Fields" <bfields@fieldses.org>
To: Leon Romanovsky <leon@kernel.org>
Cc: "Shelat, Abhi" <a.shelat@northeastern.edu>,
Greg KH <gregkh@linuxfoundation.org>,
Sudip Mukherjee <sudipm.mukherjee@gmail.com>,
Aditya Pakki <pakki001@umn.edu>,
Chuck Lever <chuck.lever@oracle.com>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Dave Wysochanski <dwysocha@redhat.com>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
netdev <netdev@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg
Date: Wed, 21 Apr 2021 09:56:37 -0400
Message-ID: <20210421135637.GB27929@fieldses.org> (raw)
In-Reply-To: <YIAta3cRl8mk/RkH@unreal>
On Wed, Apr 21, 2021 at 04:49:31PM +0300, Leon Romanovsky wrote:
> On Wed, Apr 21, 2021 at 09:37:27AM -0400, J. Bruce Fields wrote:
> > On Wed, Apr 21, 2021 at 11:58:08AM +0000, Shelat, Abhi wrote:
> > > Academic research should NOT waste the time of a community.
> > >
> > > If you believe this behavior deserves an escalation, you can contact
> > > the Institutional Review Board (irb@umn.edu) at UMN to investigate
> > > whether this behavior was harmful; in particular, whether the research
> > > activity had an appropriate IRB review, and what safeguards prevent
> > > repeats in other communities.
> >
> > For what it's worth, they do address security, IRB, and maintainer-time
> > questions in "Ethical Considerations", starting on p. 8:
> >
> > https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
> >
> > (Summary: in that experiment, they claim actual fixes were sent before
> > the original (incorrect) patches had a chance to be committed; that
> > their IRB reviewed the plan and determined it was not human research;
> > and that patches were all small and (after correction) fixed real (if
> > minor) bugs.)
> >
> > This effort doesn't appear to be following similar protocols, if Leon
> > Romanvosky and Aditya Pakki are correct that security holes have already
> > reached stable.
>
> Aditya Pakki is the one who is sending those patches.
Argh, sorry, I I meant Sudip Mukherjee, who reported their reaching
stable. Apologies.
> If you want to see another accepted patch that is already part of
> stable@, you are invited to take a look on this patch that has "built-in bug":
> 8e949363f017 ("net: mlx5: Add a missing check on idr_find, free buf")
Interesting, thanks.
--b.
next prev parent reply index
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 0:16 Aditya Pakki
2021-04-07 15:34 ` J. Bruce Fields
2021-04-08 15:01 ` Trond Myklebust
2021-04-08 15:24 ` Olga Kornievskaia
2021-04-08 16:02 ` Trond Myklebust
2021-04-20 7:15 ` Greg KH
2021-04-20 17:10 ` J. Bruce Fields
2021-04-21 5:10 ` Leon Romanovsky
2021-04-21 5:43 ` Greg KH
2021-04-21 6:08 ` Leon Romanovsky
[not found] ` <CA+EnHHSw4X+ubOUNYP2zXNpu70G74NN1Sct2Zin6pRgq--TqhA@mail.gmail.com>
2021-04-21 8:15 ` Greg KH
2021-04-21 10:07 ` Sudip Mukherjee
2021-04-21 10:21 ` Greg KH
2021-04-21 11:58 ` Shelat, Abhi
2021-04-21 12:08 ` Greg KH
2021-04-21 12:19 ` Leon Romanovsky
2021-04-21 13:11 ` Trond Myklebust
2021-04-21 13:20 ` Leon Romanovsky
2021-04-21 13:42 ` Steven Rostedt
2021-04-21 13:21 ` gregkh
2021-04-21 13:34 ` Leon Romanovsky
2021-04-21 13:50 ` gregkh
2021-04-21 14:12 ` Leon Romanovsky
2021-04-21 18:50 ` Alexander Grund
2021-04-21 13:37 ` J. Bruce Fields
2021-04-21 13:49 ` Leon Romanovsky
2021-04-21 13:56 ` J. Bruce Fields [this message]
2021-04-22 19:39 ` J. Bruce Fields
2021-04-23 17:25 ` Leon Romanovsky
2021-04-23 18:07 ` J. Bruce Fields
2021-04-23 19:29 ` Leon Romanovsky
2021-04-23 21:48 ` J. Bruce Fields
2021-04-24 7:21 ` Leon Romanovsky
2021-04-24 18:34 ` Al Viro
2021-04-24 21:34 ` J. Bruce Fields
2021-04-25 0:41 ` Theodore Ts'o
2021-04-25 6:29 ` Greg KH
[not found] ` <20210426133605.GD21222@fieldses.org>
2021-04-26 13:47 ` J. Bruce Fields
2021-04-22 8:10 ` Sudip Mukherjee
2021-04-22 8:27 ` Greg KH
2021-04-21 12:51 ` Anna Schumaker
2021-04-21 14:15 ` Leon Romanovsky
2021-04-21 15:48 ` Theodore Ts'o
2021-04-21 17:34 ` Mike Rapoport
2021-04-22 3:57 ` Leon Romanovsky
2021-04-21 22:52 ` Guenter Roeck
[not found] <CAHr+ZK-ayy2vku9ovuSB4egtOxrPEKxCdVQN3nFqMK07+K5_8g@mail.gmail.com>
2021-04-21 19:49 ` Theodore Ts'o
2021-04-22 7:50 ` Eric Biggers
2021-04-21 20:27 Weikeng Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210421135637.GB27929@fieldses.org \
--to=bfields@fieldses.org \
--cc=a.shelat@northeastern.edu \
--cc=anna.schumaker@netapp.com \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=dwysocha@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=kuba@kernel.org \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pakki001@umn.edu \
--cc=sudipm.mukherjee@gmail.com \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Linux-NFS Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/linux-nfs/0 linux-nfs/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 linux-nfs linux-nfs/ https://lore.kernel.org/linux-nfs \
linux-nfs@vger.kernel.org
public-inbox-index linux-nfs
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-nfs
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git