Linux-NFS Archive on lore.kernel.org
 help / color / Atom feed
From: "J. Bruce Fields" <bfields@fieldses.org>
To: Leon Romanovsky <leon@kernel.org>
Cc: "Shelat, Abhi" <a.shelat@northeastern.edu>,
	Greg KH <gregkh@linuxfoundation.org>,
	Sudip Mukherjee <sudipm.mukherjee@gmail.com>,
	Aditya Pakki <pakki001@umn.edu>,
	Chuck Lever <chuck.lever@oracle.com>,
	Trond Myklebust <trond.myklebust@hammerspace.com>,
	Anna Schumaker <anna.schumaker@netapp.com>,
	"David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>,
	Dave Wysochanski <dwysocha@redhat.com>,
	"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
	netdev <netdev@vger.kernel.org>,
	linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] SUNRPC: Add a check for gss_release_msg
Date: Wed, 21 Apr 2021 09:56:37 -0400
Message-ID: <20210421135637.GB27929@fieldses.org> (raw)
In-Reply-To: <YIAta3cRl8mk/RkH@unreal>

On Wed, Apr 21, 2021 at 04:49:31PM +0300, Leon Romanovsky wrote:
> On Wed, Apr 21, 2021 at 09:37:27AM -0400, J. Bruce Fields wrote:
> > On Wed, Apr 21, 2021 at 11:58:08AM +0000, Shelat, Abhi wrote:
> > > Academic research should NOT waste the time of a community.
> > > 
> > > If you believe this behavior deserves an escalation, you can contact
> > > the Institutional Review Board (irb@umn.edu) at UMN to investigate
> > > whether this behavior was harmful; in particular, whether the research
> > > activity had an appropriate IRB review, and what safeguards prevent
> > > repeats in other communities.
> > 
> > For what it's worth, they do address security, IRB, and maintainer-time
> > questions in "Ethical Considerations", starting on p. 8:
> > 
> > 	https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
> > 
> > (Summary: in that experiment, they claim actual fixes were sent before
> > the original (incorrect) patches had a chance to be committed; that
> > their IRB reviewed the plan and determined it was not human research;
> > and that patches were all small and (after correction) fixed real (if
> > minor) bugs.)
> > 
> > This effort doesn't appear to be following similar protocols, if Leon
> > Romanvosky and Aditya Pakki are correct that security holes have already
> > reached stable.
> 
> Aditya Pakki is the one who is sending those patches.

Argh, sorry, I I meant Sudip Mukherjee, who reported their reaching
stable.  Apologies.

> If you want to see another accepted patch that is already part of
> stable@, you are invited to take a look on this patch that has "built-in bug":
> 8e949363f017 ("net: mlx5: Add a missing check on idr_find, free buf")

Interesting, thanks.

--b.

  reply index

Thread overview: 49+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-07  0:16 Aditya Pakki
2021-04-07 15:34 ` J. Bruce Fields
2021-04-08 15:01 ` Trond Myklebust
2021-04-08 15:24   ` Olga Kornievskaia
2021-04-08 16:02     ` Trond Myklebust
2021-04-20  7:15 ` Greg KH
2021-04-20 17:10   ` J. Bruce Fields
2021-04-21  5:10     ` Leon Romanovsky
2021-04-21  5:43       ` Greg KH
2021-04-21  6:08         ` Leon Romanovsky
     [not found]         ` <CA+EnHHSw4X+ubOUNYP2zXNpu70G74NN1Sct2Zin6pRgq--TqhA@mail.gmail.com>
2021-04-21  8:15           ` Greg KH
2021-04-21 10:07         ` Sudip Mukherjee
2021-04-21 10:21           ` Greg KH
2021-04-21 11:58             ` Shelat, Abhi
2021-04-21 12:08               ` Greg KH
2021-04-21 12:19               ` Leon Romanovsky
2021-04-21 13:11                 ` Trond Myklebust
2021-04-21 13:20                   ` Leon Romanovsky
2021-04-21 13:42                     ` Steven Rostedt
2021-04-21 13:21                   ` gregkh
2021-04-21 13:34                     ` Leon Romanovsky
2021-04-21 13:50                       ` gregkh
2021-04-21 14:12                         ` Leon Romanovsky
2021-04-21 18:50                         ` Alexander Grund
2021-04-21 13:37               ` J. Bruce Fields
2021-04-21 13:49                 ` Leon Romanovsky
2021-04-21 13:56                   ` J. Bruce Fields [this message]
2021-04-22 19:39                     ` J. Bruce Fields
2021-04-23 17:25                       ` Leon Romanovsky
2021-04-23 18:07                         ` J. Bruce Fields
2021-04-23 19:29                           ` Leon Romanovsky
2021-04-23 21:48                             ` J. Bruce Fields
2021-04-24  7:21                               ` Leon Romanovsky
2021-04-24 18:34                               ` Al Viro
2021-04-24 21:34                                 ` J. Bruce Fields
2021-04-25  0:41                                   ` Theodore Ts'o
2021-04-25  6:29                                     ` Greg KH
     [not found]                                       ` <20210426133605.GD21222@fieldses.org>
2021-04-26 13:47                                         ` J. Bruce Fields
2021-04-22  8:10             ` Sudip Mukherjee
2021-04-22  8:27               ` Greg KH
2021-04-21 12:51       ` Anna Schumaker
2021-04-21 14:15         ` Leon Romanovsky
2021-04-21 15:48           ` Theodore Ts'o
2021-04-21 17:34             ` Mike Rapoport
2021-04-22  3:57               ` Leon Romanovsky
2021-04-21 22:52 ` Guenter Roeck
     [not found] <CAHr+ZK-ayy2vku9ovuSB4egtOxrPEKxCdVQN3nFqMK07+K5_8g@mail.gmail.com>
2021-04-21 19:49 ` Theodore Ts'o
2021-04-22  7:50   ` Eric Biggers
2021-04-21 20:27 Weikeng Chen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210421135637.GB27929@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=a.shelat@northeastern.edu \
    --cc=anna.schumaker@netapp.com \
    --cc=chuck.lever@oracle.com \
    --cc=davem@davemloft.net \
    --cc=dwysocha@redhat.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=kuba@kernel.org \
    --cc=leon@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pakki001@umn.edu \
    --cc=sudipm.mukherjee@gmail.com \
    --cc=trond.myklebust@hammerspace.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-NFS Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-nfs/0 linux-nfs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-nfs linux-nfs/ https://lore.kernel.org/linux-nfs \
		linux-nfs@vger.kernel.org
	public-inbox-index linux-nfs

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-nfs


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git