On Tue, Jan 14, 2025 at 10:15:12AM -0500, John Meneghini wrote: > Hi Dan. > > I absolutely agree with all of your comments and I appreciate your review. > I agree that all of the issues you've pointed out, with the the exception of > one, need to be addressed. The issues pointed out - especially the string > manipulation issues - can turn into CVEs. We don't want to be checking bugs > like this into Linux. Certainly, nothing should be merged that does not > pass the static checker, et al, automated tools we have. > > My comment here was only to say that I don't think it's reasonable to > ask Karan to break this change into a series of 100 small, reviewable changes. 100 small changes is hyperbole. It would have made this set of 15 patches into probably 23 patches. A day's work perhaps. Creating reviewable patches is part of the process because it forces you to review the code yourself. It makes reviewing the code easier and safer and faster. I feel like if people had asked in Jun last year, you have two options: Option A: Would you rather do one day's work cleaning this code up to make it easy to review? Option B: Would you rather resend it as-is every month for seven months? I feel like most people would choose option A. But the real problem is that we don't have enough SCSI maintainers... Even a quite junior maintainer would help. In drivers/staging, we have a bunch of random volunteers who chime in on stuff like this. It is what it is. regards, dan carpenter
