Re: [GIT PULL] Security subsystem updates for 4.14

From: Linus Torvalds
Date: Fri Sep 08 2017 - 13:25:59 EST

On Fri, Sep 8, 2017 at 12:09 AM, Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote:
> But yes, for the init-time integrity_read_file this is incorrect.
> It never tripped up, and I explicitly added the lockdep annotations
> so that anything would show up, and it's been half a year since
> I sent that first RFC patch..

I don't think anybody actually tests linux-next kernels in any big
way, and the automated tests that do get run probably don't run with
any integrity checking enabled.

Which is why I actually look at the code when merging unexpected stuff.

This is also why I tend to prefer getting multiple branches for
independent things.

Now the whole security pull will be ignored because of this thing. I
refuse to pull garbage where I notice major fundamental problems in
code that has obviously never ever been tested.

Side note: one of the reasons why I _looked_ at this code was because
the exclusive lock requirement was entirely unexplained in the first