Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp675827pxy; Wed, 21 Apr 2021 12:06:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx1w4A83k6Pa79WDTvhxQuo9fICmi/Yt965t0lYWW6sZOfO2hgwu4wtvvwjda55zVkMhCzM X-Received: by 2002:a17:90b:344f:: with SMTP id lj15mr12984645pjb.211.1619031997150; Wed, 21 Apr 2021 12:06:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619031997; cv=none; d=google.com; s=arc-20160816; b=UJw+GgDEh15Y50C+5rpQe4+eEslHeh5GhyFpnC7j1pvYAemsZPEpc0dZr7k1oRJLwi Vr6CUjrNilidRx4qnzXaxfqfifvEQeQZuQKBdbxZ1rf8ifBiBo0TtXRtYinyO0h8cv2j PuQ8KWjRW9DjEgDUFsVtHplbKfnheciHN2WpjnUZ9aVes0bGpxlvnPFuSA4h1oCqJbz2 Qbo75PCITLb5AhsOcobiKlVgZ9Qc+k5cLIh+hmHUPaT6gufgKd0QFbJe6CnfMcG5Ig/L EJOf3K+hheIeRPnvzdzffYnwkfERXcdpq69M8xwvNGjHJpUwKEhD4e/cuFJReQflxmjH 9AjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=OyNfrHBOjJobxwIZT8lxLVwbw+abFP7rpsteDPfpF2o=; b=AjXjU06tsQBQ5Q8TdIfVW/9eZuG7EXHkBl34s2o3ClmWpXqMqNeUmuAYFOu0X1YOcb j0eP8NnSsHo73W75XEogarctP9JBBi5qXOIml6wGJIcUrXaLS0nKljKHiqbeqh+Jv0ql HVAdcOsEfmkw3fMdXezkpy8nkVOM/wUy1n2CW2icicct2bCe7WKXBWWb8iOUEzOGM+GU 1B2bDCx+F5EzMBciEiyjC0nCdOwIflvHHy03WD0AxdbVT8ujqTzSZZeU3mLbWlTrs9jV 8SpyDNUnvl1iL8YImyRcgjLpTpsVAjcW5EffXRkQ3fGTvw8TsPFeiLPU6HyympRi3lMO wZWA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=CvG9Xpu8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j3si332800pfc.218.2021.04.21.12.06.25; Wed, 21 Apr 2021 12:06:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=CvG9Xpu8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243477AbhDUOWS (ORCPT + 99 others); Wed, 21 Apr 2021 10:22:18 -0400 Received: from mail.kernel.org ([198.145.29.99]:50096 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239469AbhDUOWR (ORCPT ); Wed, 21 Apr 2021 10:22:17 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 5B2C56144B; Wed, 21 Apr 2021 14:21:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1619014903; bh=0yQMyhTCkuHUWiu3K9JKpgRYqS7WFDiWp7NRJBSSbss=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=CvG9Xpu8PBUmRDqa1lzjIxlFY2yDe40q8GKSMUKEmi+I1R6kdryA9fetViiGpE3xx hKUeoIbhZwfw8aOx/d+VxTfI7HOJzbAhPj7MUs9YGwp/Dipi7W1rAky5SVr5qQkt2z ypss8BmHMVfkJzW0diTtSXoKizCDsQsQNn5wxSgc= Date: Wed, 21 Apr 2021 16:21:41 +0200 From: Greg Kroah-Hartman To: Guenter Roeck Cc: linux-kernel@vger.kernel.org, Linus Torvalds , Aditya Pakki , Kangjie Lu , Qiushi Wu , x86@kernel.org, Bjorn Helgaas , "Rafael J. Wysocki" , Arnd Bergmann , David Airlie , Michael Turquette , Bjorn Andersson , Linus Walleij , Bartosz Golaszewski , Daniel Vetter , Jean Delvare , Jiri Kosina , Will Deacon , Laurent Pinchart , Jakub Kicinski , "David S. Miller" , Johan Hovold , Jiri Slaby , Pablo Neira Ayuso , Johannes Berg , Takashi Iwai Subject: Re: [PATCH 000/190] Revertion of all of the umn.edu commits Message-ID: References: <20210421130105.1226686-1-gregkh@linuxfoundation.org> <4afeeb49-620d-5a9d-29fc-453f6118a944@roeck-us.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4afeeb49-620d-5a9d-29fc-453f6118a944@roeck-us.net> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 21, 2021 at 06:56:49AM -0700, Guenter Roeck wrote: > On 4/21/21 5:57 AM, Greg Kroah-Hartman wrote: > > I have been meaning to do this for a while, but recent events have > > finally forced me to do so. > > > > Commits from @umn.edu addresses have been found to be submitted in "bad > > faith" to try to test the kernel community's ability to review "known > > malicious" changes. The result of these submissions can be found in a > > paper published at the 42nd IEEE Symposium on Security and Privacy > > entitled, "Open Source Insecurity: Stealthily Introducing > > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University > > of Minnesota) and Kangjie Lu (University of Minnesota). > > > > Sigh. As if this wouldn't be a problem everywhere. > > > Because of this, all submissions from this group must be reverted from > > the kernel tree and will need to be re-reviewed again to determine if > > they actually are a valid fix. Until that work is complete, remove this > > change to ensure that no problems are being introduced into the > > codebase. > > > > This patchset has the "easy" reverts, there are 68 remaining ones that > > need to be manually reviewed. Some of them are not able to be reverted > > as they already have been reverted, or fixed up with follow-on patches > > as they were determined to be invalid. Proof that these submissions > > were almost universally wrong. > > > > I will be working with some other kernel developers to determine if any > > of these reverts were actually valid changes, were actually valid, and > > if so, will resubmit them properly later. For now, it's better to be > > safe. > > > > I'll take this through my tree, so no need for any maintainer to worry > > about this, but they should be aware that future submissions from anyone > > with a umn.edu address should be by default-rejected unless otherwise > > determined to actually be a valid fix (i.e. they provide proof and you > > can verify it, but really, why waste your time doing that extra work?) > > > > thanks, > > > > greg k-h > > > [ ... ] > > Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" > > I see > > 9aa3aa15f4c2 hwmon: (lm80) fix a missing check of bus read in lm80 probe > c9c63915519b hwmon: (lm80) fix a missing check of the status of SMBus read > > The latter indeed introduced a problem which was later fixed with > > 07bd14ccc304 hwmon: (lm80) Fix missing unlock on error in set_fan_div() > > I guess that was part of the experiment. I don't see a problem with the > patch that is being reverted, but it is not extremely valuable either, > so I don't mind the revert. It is not valuable enough to re-apply it later > either. > > FWIW, I didn't see the problem with the second patch even when re-reviewing > it, which makes me suspect that they introduced missing-unlock problems on > purpose. It is important to keep that in mind when re-reviewing the patches. > Also, it may be part of the pattern that they introduced one or more valid > patches followed by a malicious one into the same subsystem on purpose. Thanks for the review of these, much appreciated. greg k-h