Received: by 2002:a05:6a10:6006:0:0:0:0 with SMTP id w6csp1017757pxa; Fri, 28 Aug 2020 01:00:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwdK0ZLolOSgJAYHYy/SieeDQjba3csLTnrxxRbMxgnFBx2piF1gtSlIb+ulBVWkcRXLPAG X-Received: by 2002:a50:bf01:: with SMTP id f1mr599993edk.369.1598601638862; Fri, 28 Aug 2020 01:00:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598601638; cv=none; d=google.com; s=arc-20160816; b=pxvHGOXXdW+WYwjhfXtDa63Une5+sktHq6QDnWzuabjqnG9S01UOnabTLxJcQ8ydU+ RSMe6bNktPoc8ZbBzySfGNYMiqzPzhXuJHTyicB6YO69wGzrGcJCqTXLFtvGRdUzcOhT dzq1HUILrSfcP8TMhnnTa2KxXhaSGeXIyMQeTEY2R4mbkEQwsniYC8UF/BvegRFyxCh2 2R5YND2B+JgX/XFCr6jBiBrMmI1kyP4iKYeTHAD0sR5ok4axqkggXvrM5b1TuFIm0H/0 a1hRsDQRoN/KpiNjROzFZVY4tbFY281dCNuakjdRGmECF2fkvTeU6yrSxYgXLD7nTmwC a2rQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature:dkim-filter :dmarc-filter; bh=Gt/r/qKlREITPrsScJxjBMwzXFb7YB/EXLOQjzIAH4U=; b=T3/rmwWEfejBWcZsjPe6f5GfCdmGWLkHoWPFt3BE5PF9zR9cJT0ipF12CXBAbfL9u9 n0P551B3yQN7SnrTFCk2H+rgvtZowX/ZHWtWdQSuc5vDnSACkbgXIA/EmMzt7LtcxfSx EUHdhYa/DRXa4PNPcLzx2Bte+CjFznEwIb2k9sTuykH0PpoLyj0cFwjduVfHlenzhsLQ FGxbEy84sSn4cHB7sJHE57n7z3X5pLC387rAnn52MlqFiPpxkCzIks1jOimvMuRdR7OP kWqiRpFyCwZQyScgGk3/cA1o5/drETwjoGq8FqGTA+53diAFu18mMI8wPMmhgT8/Bhls 26/w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@umn.edu header.s=google header.b=FZP0qMxS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=umn.edu Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t21si85290edi.213.2020.08.28.01.00.16; Fri, 28 Aug 2020 01:00:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@umn.edu header.s=google header.b=FZP0qMxS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=umn.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728362AbgH1H7k (ORCPT + 99 others); Fri, 28 Aug 2020 03:59:40 -0400 Received: from mta-p6.oit.umn.edu ([134.84.196.206]:35320 "EHLO mta-p6.oit.umn.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727911AbgH1H7j (ORCPT ); Fri, 28 Aug 2020 03:59:39 -0400 Received: from localhost (unknown [127.0.0.1]) by mta-p6.oit.umn.edu (Postfix) with ESMTP id 4BdBp22MWgz9vCBS for ; Fri, 28 Aug 2020 07:59:38 +0000 (UTC) X-Virus-Scanned: amavisd-new at umn.edu Received: from mta-p6.oit.umn.edu ([127.0.0.1]) by localhost (mta-p6.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hLzDXKXMY-_J for ; Fri, 28 Aug 2020 02:59:38 -0500 (CDT) Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p6.oit.umn.edu (Postfix) with ESMTPS id 4BdBp16jC6z9vCBC for ; Fri, 28 Aug 2020 02:59:37 -0500 (CDT) DMARC-Filter: OpenDMARC Filter v1.3.2 mta-p6.oit.umn.edu 4BdBp16jC6z9vCBC DKIM-Filter: OpenDKIM Filter v2.11.0 mta-p6.oit.umn.edu 4BdBp16jC6z9vCBC Received: by mail-ej1-f71.google.com with SMTP id f13so208999ejt.16 for ; Fri, 28 Aug 2020 00:59:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Gt/r/qKlREITPrsScJxjBMwzXFb7YB/EXLOQjzIAH4U=; b=FZP0qMxStZQUljlMwuHfMd4tkwCoMEiryYJ9plMZpIf7jIz4KaTrLcoXTVzTOnQIJ9 hq93Cy5FQJZAXJer4P+WzzBiEA3JFjSCk4SaU47ltB4yyYqN7EUVVZ7lKCZYU6GfJZE8 Hk0d4QR3TShMHPu82G6A/d6WaeUUQY7SpjQnvdJaO6fv9XHYyM9DHln2EuSLRvTdLQLM xC+u7HdMDUf21OSl7rmVzvel5CLDLYtE5i+zYkb0hmPsWCn48qV7fmnJvn7JhWgtOkrr tZonh4Qw2vPnsBcxYTE667ob8ZJ7PQkqk1/7tjROJ1S7wC9zIniy0jLjbC5wZxtf+57t uoOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Gt/r/qKlREITPrsScJxjBMwzXFb7YB/EXLOQjzIAH4U=; b=Xv2xf5KDQUNfXmgoALZTSlwwCUtFSoAVMv3ikW3wis2pfwbjAJKe3vAUMlDHsP1BnY D4mm9STAq6nK+TlmxqZE5wUm71PqB8e1ThwwqjyJU2uapwvi6i+FHeUmk1YhNSmkiycj MhRIDSrIuOj5lhpf+XS9ioxqixU6xO6iRTZzbrlNPlDDaOGV02bEKT8w6XM1KlwXLruh UL7ZDpmirNu9qCvJOD4B2abYsm5TeB49o5DIY9J8e8+jKWKgXPDws+Te5NeJWhum/zhA Em/eopSv48jk/HSb+lIrcowoNSgPGB9aFOzJi4FNcvqeBYZ5KZw1zXbD8sd8dGyxPp6M jjpQ== X-Gm-Message-State: AOAM531ZV1r65eBT7qC/FITAFnFLnmrjIKKEcLQdPoYRS/M0+X4I3iC6 DO1Z8SkePYAsLvH8FW+BAOd8pGCd22udAb6mJdDbpR9inSWqS4pBcFoH9N/aAwZXkGoraoGgBVJ FHz31wp74rlRWlWIMicoSy4ReRwWQsDkd0NZ5oJuaKkFN X-Received: by 2002:a17:906:2686:: with SMTP id t6mr537256ejc.406.1598601576710; Fri, 28 Aug 2020 00:59:36 -0700 (PDT) X-Received: by 2002:a17:906:2686:: with SMTP id t6mr537241ejc.406.1598601576397; Fri, 28 Aug 2020 00:59:36 -0700 (PDT) MIME-Version: 1.0 References: <20200827182730.GA712693@kroah.com> <20200828062042.GF56396@kroah.com> In-Reply-To: <20200828062042.GF56396@kroah.com> From: Qiushi Wu Date: Fri, 28 Aug 2020 02:59:25 -0500 Message-ID: Subject: Re: Some questions about the patching process To: Greg Kroah-Hartman , LKML , "David S. Miller" , Kangjie Lu Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Greg, Thanks for your response! > You responded in html format which got rejected by the public list, > please resend in text-only and I will be glad to reply. > Sorry about this! > > 1. Linux allows anyone to submit a patch because it is an open community. > > > And how is 1. a "risk"? We are assuming the possibility of potential malicious commit contributors and want to reduce the risk of accepting vulnerable patches from them. > > We would like to know if maintainers have some methods and tools (such as > > Smatch, Syzbot?) to mitigate these potential issues. We are happy to > > discuss these issues and hope our observations could raise some awareness > > of them. > > How do you "raise awareness" among a developer community that is 4000 > people each year (1000 are new each year), consisting of 450+ different > companies? Yes, this is a problem. Maybe people can summarize and pubic some security coding guidelines for different modules of the kernel, or recommend maintainers to use some bug detection tools to test the patches. > And yes, we have lots of tools, and run them all the time on all of our > public trees constantly. And they fix things before they get merged and > sent out to the rest of the world. > > So what specific things are you wanting to discuss here? Specifically, we are curious about what kind of tools maintainers are often used to test potential bugs or vulnerabilities? Also, can these tools have a high coverage rate to test corner cases like error-paths, indirect calls, concurrency issues, etc? Thanks again for your patience and reply : ), Best regards, Qiushi