Greg Kroah-Hartman, wanda ke da alhakin kiyaye tsayayyen reshe na kwayar Linux sanar dashi Na sha kwana da yawa yanke shawara don musun kowane canje-canje daga Jami'ar Minnesota zuwa kernel na Linux, kuma sake dawo da dukkan facin da aka yarda dasu a baya kuma sake duba su.
Dalilin toshewar shine ayyukan ƙungiyar bincike wannan yana nazarin yiwuwar inganta raunin ɓoye a cikin lambar ayyukan buɗe ido, tunda wannan rukunin ya aika faci waɗanda suka haɗa da kurakurai na nau'ikan daban-daban.
Ganin mahallin amfani da alamar, ba ma'ana ba kuma dalilin ƙaddamar da facin shine bincika ko kuskuren canji zai wuce binciken masu haɓaka kernel.
Baya ga wannan facin, Akwai sauran ƙoƙari na masu haɓakawa a Jami'ar Minnesota don yin canje-canje mai wuyar fahimta game da kwaya, gami da waɗanda suke da alaƙa da ƙara raunin ɓoye.
Mai ba da gudummawar da ya aiko facin ya yi ƙoƙarin ba da hujjar kansa gwada sabon mai nazari na yau da kullun kuma an shirya canjin gwargwadon sakamakon gwajin akan sa.
Pero Greg ya ja hankali ga gaskiyar cewa gyaran da aka gabatar ba na al'ada bane na kurakurai da masu nazarin tsaye, kuma facin da aka aiko baya warware komai. Tunda ƙungiyar masu binciken da ake magana a kansu sun riga sun yi ƙoƙari a baya don gabatar da mafita tare da ɓoyewar rauni, a bayyane yake cewa sun ci gaba da gwaje-gwajensu a cikin al'ummar ci gaban kernel.
Abin sha'awa, a baya, jagoran ƙungiyar gwajin ya shiga cikin gyara don halaye na halal, kamar kwararar bayanai akan kebul na USB (CVE-2016-4482) da kuma hanyoyin sadarwa (CVE-2016-4485).
A cikin nazarin ɓoye ɓarna na ɓarna, ƙungiyar Jami'ar Minnesota ta ba da misali game da raunin CVE-2019-12819, wanda ya samo asali ta hanyar facin da aka karɓa a cikin kwaya a cikin 2014. Mafitar ta ƙara kiran put_device zuwa toshe kuskuren sarrafa a cikin mdio_bus, amma bayan shekaru biyar an bayyana cewa irin wannan magudi zai haifar da samun damar-bayan-kyauta zuwa ƙwaƙwalwar ajiya.
A lokaci guda, marubutan binciken sun yi iƙirarin cewa a cikin aikinsu sun taƙaita bayanai kan faci 138 waɗanda ke gabatar da kurakurai, amma ba su da alaƙa da mahalarta binciken.
Limitedoƙarin ƙaddamar da facin takalminku ya iyakance ga wasiƙar wasiƙa kuma irin waɗannan canje-canjen basu kai ga matakin Git ba akan kowane reshe na kernel (idan bayan imel ɗin imel ɗin da mai kula ya sami facin ya zama na al'ada, to, an nemi ku da ku haɗa da canjin saboda akwai kuskure, bayan haka daidai an aika faci).
Hakanan, yin la'akari da aikin marubucin wanda aka soki gyara, ya dade yana facin tsarin kananan kwaya daban-daban. Misali radeon da direbobin nouveau kwanan nan sun karɓi canje-canje zuwa kuskuren toshe pm_runtime_put_autosuspend (dev-> dev), yana iya haifar da amfani da abin adanawa bayan sakin memorin da ya haɗa.
An kuma ambata cewa Greg ya sake komawa baya 190 hade da fara sabon nazari. Matsalar ita ce @ umn.edu masu bayar da gudummawa ba wai kawai sun yi gwaji tare da inganta facin da ake tambaya ba, sun kuma gyara hakikanin rashin lahani, kuma juyawa canje-canje na iya haifar da dawowar batutuwan tsaro da aka tsaresu a baya. Wasu masu kula sun riga sun sake duba canje-canjen da ba a yi ba kuma ba su sami matsala ba, amma kuma akwai alamun kwari.
Ma'aikatar Kimiyyar Kwamfuta a Jami'ar Minnesota ya fitar da sanarwa sanar da dakatar da binciken a wannan yanki, fara tabbatar da hanyoyin da aka yi amfani da su da kuma gudanar da bincike kan yadda aka amince da binciken. Za a raba rahoton sakamakon ga al'umma.
A karshe Greg ya ambaci cewa ya lura da martanin da al'umma ke bayarwa sannan kuma yayi la'akari da yadda ake binciko hanyoyin yaudarar aikin bita. A ra'ayin Greg, gudanar da irin wadannan gwaje-gwajen don gabatar da canje-canje masu cutarwa ba abu ne karbabbe ba kuma ba shi da da'a.
Source: https://lkml.org