From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756680AbdIHRZ4 (ORCPT ); Fri, 8 Sep 2017 13:25:56 -0400 Received: from mail-it0-f65.google.com ([209.85.214.65]:34453 "EHLO mail-it0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753338AbdIHRZy (ORCPT ); Fri, 8 Sep 2017 13:25:54 -0400 X-Google-Smtp-Source: AOwi7QC0cjGkh1kbbO9l7XNkfZKHytDnnmYyEQLebhn+hHNKoTJK53mIC78k/nroU1LZhM5iRkHr60cO6fSAEw+22aA= MIME-Version: 1.0 In-Reply-To: <20170908070943.GA26549@infradead.org> References: <20170908070943.GA26549@infradead.org> From: Linus Torvalds Date: Fri, 8 Sep 2017 10:25:53 -0700 X-Google-Sender-Auth: PrxtbwuISjZOu9EKyzYSWaNkddI Message-ID: Subject: Re: [GIT PULL] Security subsystem updates for 4.14 To: Christoph Hellwig Cc: James Morris , Linux Kernel Mailing List , LSM List , Mimi Zohar Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 8, 2017 at 12:09 AM, Christoph Hellwig wrote: > > But yes, for the init-time integrity_read_file this is incorrect. > It never tripped up, and I explicitly added the lockdep annotations > so that anything would show up, and it's been half a year since > I sent that first RFC patch.. I don't think anybody actually tests linux-next kernels in any big way, and the automated tests that do get run probably don't run with any integrity checking enabled. Which is why I actually look at the code when merging unexpected stuff. This is also why I tend to prefer getting multiple branches for independent things. Now the whole security pull will be ignored because of this thing. I refuse to pull garbage where I notice major fundamental problems in code that has obviously never ever been tested. Side note: one of the reasons why I _looked_ at this code was because the exclusive lock requirement was entirely unexplained in the first place. Linus