----- Original Message ----- > From: "Dave Chinner" <david@xxxxxxxxxxxxx> > Sent: Thursday, October 13, 2016 4:49:17 PM > Subject: Re: [bisected] Re: local DoS - systemd hang or timeout (WAS: Re: [RFC][CFT] splice_read reworked) > > Why? This isn't a security issue - CVEs cost time and effort for > everyone to track and follow and raising them for issues like this > does not help anyone fix the actual problem. It doesn't help us > track it, analyse it, communicate with the bug reporter, test it or > get the fix committed. It's meaningless to the developers fixing > the code, it's meaningless to users, and it's meaningless to most > distros that are supporting XFS because the distro maintainers don't > watch the CVE lists for XFS bugs they need to backport and fix. > > All this does is artificially inflate the supposed importance of the > bug. CVEs are for security or severe issues. This is neither serious > or a security issue - please have the common courtesy to ask the > people with the knowledge to make such a determination (i.e. the > maintainers) before you waste the time of a /large number/ of people > by raising a useless CVE... > > Yes, you found a bug. No, it's not a security bug. No, you should > not abusing of the CVE process to apply pressure to get it fixed. > Please don't do this again. As far as I can tell, this is a medium-severity security issue that a non-privileged user can exploit it to cause a system hang/deadlock. Hence, a local DoS for other users use the system. CAI Qian -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
