University of Minnesota suspended from Linux kernel development for sending questionable patches

Greg Kroah-Hartman, who is responsible for maintaining the stable branch of the Linux kernel, has decided to block acceptance of any changes coming from the University of Minnesota into the Linux kernel, and also to roll back all previously accepted patches and re-review them. The reason for the block is the activity of a research group studying the possibility of introducing hidden vulnerabilities into the code of open source projects. This group submitted patches containing various kinds of bugs, observed how the community reacted, and studied ways to cheat the review process for changes. According to Greg, conducting such experiments to introduce malicious changes is unacceptable and unethical.

The trigger for the block was that members of this group sent a patch that added a pointer check to rule out a possible double call of the "free" function. Given the context in which the pointer is used, the check was meaningless. The purpose of submitting the patch was to see whether the erroneous change would pass review by the kernel developers. Besides this patch, there have been other attempts by developers from the University of Minnesota to make questionable changes to the kernel, including ones related to the addition of hidden vulnerabilities.

The participant who sent the patches tried to justify himself by saying that he was testing a new static analyzer and that the change was prepared from the results of testing with it. But Greg drew attention to the fact that the proposed fixes are not typical of errors found by static analyzers, and that none of the patches sent fix anything at all. Given that the research group in question has tried to push patches with hidden vulnerabilities in the past, it is clear that they have continued their experiments on the kernel development community.

Interestingly, in the past the leader of the group conducting the experiments was involved in legitimate vulnerability fixes, for example, identifying information leaks in the USB stack (CVE-2016-4482) and the network subsystem (CVE-2016-4485). In a study on the spread of vulnerabilities, the group from the University of Minnesota gives the example of CVE-2019-12819, a vulnerability caused by a kernel patch from 2014. The fix added a call to put_device to the error-handling block in mdio_bus, but five years later it turned out that this manipulation leads to access to a memory block after it has been freed ("use-after-free").

At the same time, the authors of the study claim that in their work they summarized data on 138 patches that introduced errors and were not connected to the study participants. Attempts to send their own patches with errors were limited to email correspondence, and such changes did not get into Git (if, after the patch was sent by email, the maintainer considered the patch normal, he was asked not to include the change because it contained an error, after which they sent the correct patch).

Addendum 1: Judging by the activity of the author of the criticized patch, he has long been sending patches to various kernel subsystems. For example, the radeon and nouveau drivers recently received changes with a call to pm_runtime_put_autosuspend(dev->dev) in an error block, possibly causing the buffer to be used after the memory associated with it has been freed.

Addendum 2: Greg has reverted 190 commits associated with "@umn.edu" and initiated a re-review of them. The problem is that members with "@umn.edu" addresses not only experimented with pushing questionable patches but also addressed real vulnerabilities, and reverting the changes may bring back previously fixed security issues. Some maintainers have already re-checked the reverted changes and found no problems, but one of the maintainers indicated that one of the patches sent to him did contain errors.

source: budenet.ru
