Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp64807pxy; Wed, 21 Apr 2021 18:39:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJybB4IK0IWXQujN0flJP/5oc3wXrc0PR/R9ST33LX5vBXZdANKCItq9W0iSkLhk/AyQiNfJ X-Received: by 2002:a17:906:32d1:: with SMTP id k17mr741664ejk.94.1619055584731; Wed, 21 Apr 2021 18:39:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619055584; cv=none; d=google.com; s=arc-20160816; b=N9VX3CxyqMABsHnMU/DyuncoGlrdBH/eJQUmYh4gTnHomsS9OXK3RTpJCN0rS8ysHN vP6aDgN/hirGjyNoLGaxKzz+Bbtmq/PL5fBwp1RCMvJI5gCHKG/6ntS4hu75B5vGaQ4q HQ1Kdjkx9uRoWkIzybdOjrkCJKTwszcoJBWsgZW1eRO+G/ml36JirfHqY1zDJT+0Y1yI pxd0lb1rqVuAvW+dk43Vm+KFm8EOb0EAG9okgjB5aj/Xy9nwLnqmH6UeESYfo53sK8k2 R3c05uNf6KA5onUZy9j/vye++h0xilXLwld055JJwSvvw/WCjkP2sA3GvqVJ8LzyM1VB w+3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=sNu1qlrOpR0zAPgbWpUezCw1E16yGW3j3td8y8jfAjQ=; b=t+gtTjP61TOdMWvkg2/EwqI5hNACrbqzbg2rC1YjEl3dzXijtT7aYUe1m84zybesqR KYG93oPOmjRnWizNjfI6EM+MtG7RQvw0knVEHVh/tOOhZchkW/t9/a7QTL0B9j+9I/a/ ksrHku4Ce6QdKNu7+kjATgdGlkSfc6E9N0mdz2rODw3nKIG6qVAFbQoAQyRxW5teCuSV kfbtheF/EOwZ+0LzmKySPZoXfDCxI/FWclhrGiAOT8+jYcKWHz9+seN8Mo59pJU6Pjsc FJRuRQ1TKAHlARYZtjWH7z6FtkOnPl5rQ/ehn4Y2YTpZIJsqxPJR4+6/ljVWtL/VJnCJ mM0w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass (test mode) header.i=@ideasonboard.com header.s=mail header.b=ViHKrGsx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x16si853425edd.387.2021.04.21.18.39.21; Wed, 21 Apr 2021 18:39:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@ideasonboard.com header.s=mail header.b=ViHKrGsx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240262AbhDUQBW (ORCPT + 99 others); Wed, 21 Apr 2021 12:01:22 -0400 Received: from perceval.ideasonboard.com ([213.167.242.64]:58984 "EHLO perceval.ideasonboard.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243866AbhDUQBV (ORCPT ); Wed, 21 Apr 2021 12:01:21 -0400 Received: from pendragon.ideasonboard.com (62-78-145-57.bb.dnainternet.fi [62.78.145.57]) by perceval.ideasonboard.com (Postfix) with ESMTPSA id 8B38A4AE; Wed, 21 Apr 2021 18:00:46 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com; s=mail; t=1619020846; bh=ZiQfz4CmZBZJxspZmPxDrA4pf7kXHMD7xcnaRLuC3WM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ViHKrGsx3r/43ELKuuK0YPIw3nW7wsKw4W1/QDrsTu2NZjqmPMnTEW8Nbhn7VPAUr GgilSeuaxN6ser6mFcLBpZD8PIGSD+ZRcNLOV+SAxGMa4SSEnP7C55jDmACQLLGBcC KBVgddMy+Z3L8o8gZaWqSdavUWvq07r8A+lsj00g= Date: Wed, 21 Apr 2021 19:00:41 +0300 From: Laurent Pinchart To: Kangjie Lu Cc: Jiri Kosina , Guenter Roeck , Greg Kroah-Hartman , open list , Linus Torvalds , Aditya Pakki , Qiushi Wu , x86@kernel.org, Bjorn Helgaas , "Rafael J. Wysocki" , Arnd Bergmann , David Airlie , Michael Turquette , Bjorn Andersson , Linus Walleij , Bartosz Golaszewski , Daniel Vetter , Jean Delvare , Will Deacon , Jakub Kicinski , "David S. Miller" , Johan Hovold , Jiri Slaby , Pablo Neira Ayuso , Johannes Berg , Takashi Iwai Subject: Re: [PATCH 000/190] Revertion of all of the umn.edu commits Message-ID: References: <20210421130105.1226686-1-gregkh@linuxfoundation.org> <4afeeb49-620d-5a9d-29fc-453f6118a944@roeck-us.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Kangjie, On Wed, Apr 21, 2021 at 10:21:07AM -0500, Kangjie Lu wrote: > On Wed, Apr 21, 2021 at 10:16 AM Laurent Pinchart wrote: > > On Wed, Apr 21, 2021 at 09:44:52AM -0500, Kangjie Lu wrote: > > > On Wed, Apr 21, 2021 at 9:32 AM Jiri Kosina wrote: > > > > On Wed, 21 Apr 2021, Guenter Roeck wrote: > > > > > > Commits from @umn.edu addresses have been found to be submitted in > > > > > > "bad faith" to try to test the kernel community's ability to review > > > > > > "known malicious" changes. The result of these submissions can be > > > > > > found in a paper published at the 42nd IEEE Symposium on Security and > > > > > > Privacy entitled, "Open Source Insecurity: Stealthily Introducing > > > > > > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu > > > > > > (University of Minnesota) and Kangjie Lu (University of Minnesota). > > > > > > > > > > Sigh. As if this wouldn't be a problem everywhere. > > > > > > > > Right. > > > > > > > > > > Because of this, all submissions from this group must be reverted from > > > > > > the kernel tree and will need to be re-reviewed again to determine if > > > > > > they actually are a valid fix. Until that work is complete, remove this > > > > > > change to ensure that no problems are being introduced into the > > > > > > codebase. > > > > > > > > > > > > This patchset has the "easy" reverts, there are 68 remaining ones that > > > > > > need to be manually reviewed. Some of them are not able to be reverted > > > > > > as they already have been reverted, or fixed up with follow-on patches > > > > > > as they were determined to be invalid. Proof that these submissions > > > > > > were almost universally wrong. > > > > > > > > > > > > I will be working with some other kernel developers to determine if any > > > > > > of these reverts were actually valid changes, were actually valid, and > > > > > > if so, will resubmit them properly later. For now, it's better to be > > > > > > safe. > > > > > > > > > > > > I'll take this through my tree, so no need for any maintainer to worry > > > > > > about this, but they should be aware that future submissions from anyone > > > > > > with a umn.edu address should be by default-rejected unless otherwise > > > > > > determined to actually be a valid fix (i.e. they provide proof and you > > > > > > can verify it, but really, why waste your time doing that extra work?) > > > > > > > > > > > > thanks, > > > > > > > > > > > > greg k-h > > > > > > > > > > > [ ... ] > > > > > > Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" > > > > > > > > > > I see > > > > > > > > > > 9aa3aa15f4c2 hwmon: (lm80) fix a missing check of bus read in lm80 probe > > > > > c9c63915519b hwmon: (lm80) fix a missing check of the status of SMBus read > > > > > > > > > > The latter indeed introduced a problem which was later fixed with > > > > > > > > Therefore I'd like to ask Kangjie Lu (who is CCed here) to consider > > > > revising his statement in the attempted public clarification: > > > > > > > > "The experiment did not introduce any bug or bug-introducing commit into > > > > OSS." > > > > > > > > at [1] as it's clearly not true. Missing mutex unlock clearky is a bug > > > > introduced by this experiment. > > > > > > Hi everyone, > > > > > > I am so sorry for the concerns. I fully understand why the community is > > > angry. Please allow me to have a very quick response, as Jiri requested. We > > > will provide a detailed explanation later. > > > > > > These are two different projects. The one published at IEEE S&P 2021 has > > > completely finished in November 2020. My student Aditya is working on a new > > > project that is to find bugs introduced by bad patches. Please do not link > > > these two projects together. I am sorry that his new patches are not > > > correct either. He did not intentionally make the mistake. > > > > Do you have a list of all known bad commits ? Not that we shouldn't > > revert the other ones as well, but having a list of bad ones would be > > useful when reviewing commits individually to see which ones may > > actually be correct. > > We did not introduce any bad commits in the study of hypocrite commits. > Please see more details here: > https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf You may not have intended for those patches to be merged upstream, but they were submitted on mailing list for review, and it's clear that at least some of them did get merged. I thus repeat my question: do you have a full list of all malicious patches submitted to mailing lists ? > All of the commits sent by my students are in good faith to fix some bugs. > > > > > [1] https://www-users.cs.umn.edu/~kjlu/ -- Regards, Laurent Pinchart