|
|
Subscribe / Log in / New account

Yes, all software changes should be tested

Yes, all software changes should be tested

Posted Mar 17, 2018 19:21 UTC (Sat) by epa (subscriber, #39769)
In reply to: Yes, all software changes should be tested by ardbiesheuvel
Parent article: The strange story of the ARM Meltdown-fix backport

Of course, the original patches to unmap the kernel from userspace were merged without any details about whether they mitigated Meltdown or anything else - they were just hurried into the mainline on the understanding that doing this was now a good idea because important people said so. It's odd to hold these ARM patches to a higher standard, demanding published exploit code before they can go in. Surely they should be merged on the same general principle that address space separation is now the thing to do?

to post comments

Yes, all software changes should be tested

Posted Mar 18, 2018 14:03 UTC (Sun) by gregkh (subscriber, #8) [Link] (2 responses)

That's a very odd claim to make. All of the backported patches were merged to the stable trees after proper testing and validation that they did what they said they did by either myself, or other developers that I trust. If that hadn't happened, I would not have accepted them.

In this way, I am applying the exact same standard to these ARM patches as I have with the other architecture patches of this nature. For me to not apply that same standard would not be very fair, don't you think?

Yes, all software changes should be tested

Posted Mar 18, 2018 20:49 UTC (Sun) by epa (subscriber, #39769) [Link]

OK, I apologize. I was only going by what I had read on LWN and other sources. At the time, the address space separation was merged into the kernel but there was no mention of whether it mitigated the Meltdown attack. (The details of Meltdown only became public a few days afterwards.) As far as an outsider could tell, it was just merged because address space separation was generally thought to mitigate some theoretical attack that was likely to be possible, but without any test cases for a specific attack.

Yes, all software changes should be tested

Posted Mar 18, 2018 20:51 UTC (Sun) by epa (subscriber, #39769) [Link]

Ah, you are talking about the backports to the stable trees, while I was thinking of the initial landing of address space separation in the development branch.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds