Re: [PATCH 000/190] Revertion of all of the umn.edu commits
From: Guenter Roeck
Date: Wed Apr 21 2021 - 11:49:57 EST
On Wed, Apr 21, 2021 at 09:44:52AM -0500, Kangjie Lu wrote:
> On Wed, Apr 21, 2021 at 9:32 AM Jiri Kosina <jikos@xxxxxxxxxx> wrote:
>
> > On Wed, 21 Apr 2021, Guenter Roeck wrote:
> >
> > > > Commits from @umn.edu addresses have been found to be submitted in
> > > > "bad faith" to try to test the kernel community's ability to review
> > > > "known malicious" changes. The result of these submissions can be
> > > > found in a paper published at the 42nd IEEE Symposium on Security and
> > > > Privacy entitled, "Open Source Insecurity: Stealthily Introducing
> > > > Vulnerabilities via Hypocrite Commits" written by Qiushi Wu
> > > > (University of Minnesota) and Kangjie Lu (University of Minnesota).
> > >
> > > Sigh. As if this wouldn't be a problem everywhere.
> >
> > Right.
> >
> > > > Because of this, all submissions from this group must be reverted from
> > > > the kernel tree and will need to be re-reviewed again to determine if
> > > > they actually are a valid fix. Until that work is complete, remove
> > this
> > > > change to ensure that no problems are being introduced into the
> > > > codebase.
> > > >
> > > > This patchset has the "easy" reverts, there are 68 remaining ones that
> > > > need to be manually reviewed. Some of them are not able to be reverted
> > > > as they already have been reverted, or fixed up with follow-on patches
> > > > as they were determined to be invalid. Proof that these submissions
> > > > were almost universally wrong.
> > > >
> > > > I will be working with some other kernel developers to determine if any
> > > > of these reverts were actually valid changes, were actually valid, and
> > > > if so, will resubmit them properly later. For now, it's better to be
> > > > safe.
> > > >
> > > > I'll take this through my tree, so no need for any maintainer to worry
> > > > about this, but they should be aware that future submissions from
> > anyone
> > > > with a umn.edu address should be by default-rejected unless otherwise
> > > > determined to actually be a valid fix (i.e. they provide proof and you
> > > > can verify it, but really, why waste your time doing that extra work?)
> > > >
> > > > thanks,
> > > >
> > > > greg k-h
> > > >
> > > [ ... ]
> > > > Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
> > >
> > > I see
> > >
> > > 9aa3aa15f4c2 hwmon: (lm80) fix a missing check of bus read in lm80 probe
> > > c9c63915519b hwmon: (lm80) fix a missing check of the status of SMBus
> > read
> > >
> > > The latter indeed introduced a problem which was later fixed with
> >
> > Therefore I'd like to ask Kangjie Lu (who is CCed here) to consider
> > revising his statement in the attempted public clarification:
> >
> > "The experiment did not introduce any bug or bug-introducing
> > commit into
> > OSS."
> >
> > at [1] as it's clearly not true. Missing mutex unlock clearky is a bug
> > introduced by this experiment.
> >
>
> Hi everyone,
>
> I am so sorry for the concerns. I fully understand why the community is
> angry. Please allow me to have a very quick response, as Jiri requested. We
> will provide a detailed explanation later.
>
> These are two different projects. The one published at IEEE S&P 2021 has
> completely finished in November 2020. My student Aditya is working on a new
> project that is to find bugs introduced by bad patches. Please do not link
> these two projects together. I am sorry that his new patches are not
> correct either. He did not intentionally make the mistake.
>
The author of commit c9c63915519b is Kangjie Lu <kjlu@xxxxxxx>, not some
student, and I have to assume that it intentionally introduced a problem.
That was the whole point of the exercise, wasn't it ?
As mentioned by Jiri, the statement "The experiment did not introduce
any bug or bug-introducing commit into OSS" is obviously wrong. It is
a lie, to say it directly.
I absolutely agree with Greg's assertion: All patches introduced from
the umn.edu domain can not be trusted and should be reverted.
It might be worthwhile to have a discussion at the upcoming maintainers
summit on how to handle contributions from untrusted sources in the
future, and how to identify trusted contributors. Quite obviously the
paradigm has finally changed from "assume the contribution is
well-intended" to "assume the contribution is malicious". I guess that
was prone to happen, but it is sad to experience it anyway.
For my part, congratulations (in a negative sense): You made me much less
inclined to accept minor bug fixes from people I don't know in the future.
Guenter