Comments

• By ohyes 2023-09-2713:595 reply

  It would have been more appropriate to just give credit to this guy even without accepting his full patch.

  Clearly no one was fixing this security issue unless he found it and submitted a fix.

  It’s unethical to not give credit, in particular if Michael read his patch, changed some stylistic things, and submitted it himself. I’m surprised everyone thinks the maintainer is in the right here.

  If someone scooped up your work and took full credit for it, despite it being a collaboration (and even if miculas code was absolute garbage it was still a collaboration), that wouldn’t feel right, and you wouldn’t want to work with them again.

  By ljm 2023-09-2716:402 reply

  I used to think it was fine to take someone else's contribution and then create a total rewrite of it in my own branch and merge that. Or to go into someone's PR and push a rewrite into a new commit on Github. At least in the latter case there'll still be a contributor credit (`Co-Authored-By`), but someone had to do the same with me for me to realise that it kinda sucked and really soured the experience of being a contributor. In my case, it was that someone 'forked' my project by dumping the code into their own repo without any of the commit history.

  As you say, even if the code was shite, the refactored fix that got merged in would never have existed without it. "I like my version better," feels pretty dismissive and regardless of any other fact I can see how anyone would feel a bit miffed about that after they put the work in.

  Edit: the reply linking to the actual response from the maintainer invalidates my last sentence.

  By nolist_policy 2023-09-2716:563 reply

  But nobody said "Sorry, I like my version better. If you want to be a Linux kernel contributor, here’s an issue you could fix."!

  This[1] is what the maintainer (Michael) said.

  [1] https://lists.ozlabs.org/pipermail/linuxppc-dev/2022-June/24...

  By Aurornis 2023-09-2717:003 reply

  This is much more reasonable than the "paraphrased" reply in the blog post.

  I think it's somewhat dishonest that the blog author used the quotation feature in his blog post, but instead of including a quote he made up his own response as if the kernel maintainer said it. I barely noticed this parenthetical above the gigantic block quote:

  > He said (paraphrasing):

  Anyone reading the blog post too fast would assume the kernel maintainer actually said those dismissive words in the gigantic block quote.

  By tiagod 2023-09-2717:51

  >Anyone reading the blog post too fast would assume the kernel maintainer actually said those dismissive words in the gigantic block quote.

  That's my case. I only know it was paraphrased because of this thread. The quote pulled my attention before I could finish the previous line.

  By orra 2023-09-2717:451 reply

  Yeah, the paraphrasing here is misleading.

  Ironically the topic is intellectual honesty.

  By sshine 2023-10-0116:28

  What's the big deal about misquoting here?

  The blog post author just liked his version better. ;-)

  By avgcorrection 2023-09-2720:34

  Yeah, and I might have felt a bit “blind” if it were not for you guys also having the same experience: I did not see that parenthetical at all, probably both on account of the linebreak right before it and the (as you say) huge blockquote.

  By ljm 2023-09-2717:301 reply

  I would hope the author of the post corrects this, "I wanted to fix it differently" is not even close to "I like my version better."

  It's still a bit crap to not get proper credit, but it's not fair to put words into someone else's mouth either. The author isn't paraphrasing, he's sharing the story he's told himself after being upset.

  By nolist_policy 2023-09-2718:13

  And the maintainers reply already includes the proposed patch, with:

  > Reported-by: Ariel Miculas <...>

  Ariel could just have pressed "reply" in his email client and pointed this out if he felt wronged.

  But no, instead he is writing a blog post one year later misrepresenting the maintainer and the Linux project.

  By dcow 2023-09-2718:50

  I believe the implication is that this exchange happened in private.

  By uranusjr 2023-09-2717:01

  I have this done to me a lot and honestly don’t feel a thing. People don’t really care about other people’s coding styles anyway (except they all suck); the thing got done, everyone got credit. I guess everyone feels differently.

  By whats_a_quasar 2023-09-2716:03

  Agreed. The maintainer can insist on writing the code that makes it into the kernel for quality purposes - that makes sense. But here the article author is a co-author of that patch.

  In academic publishing, this is analogous to sending a pre-print to someone, and that person then publishing on that topic listing you in acknowledgments rather than as a co-author. I get that the point here isn't publishing, it's kernel development, but authorship is still quite important for a professional C.V.

  By alain94040 2023-09-2715:521 reply

  Agreed. I see the job of an experienced maintainer as a facilitator who should bend over backward to help other people's contributions land cleanly. The help often involves feedback on style and architecture consistency, but a sign of a great maintainer is someone who credits others, and mostly stays behind the curtain making sure everything goes smoothly.

  By CodeWriter23 2023-09-2716:27

  And occasionally coming out from under the bridge to give guidance when a contributor gets too far into the weeds.

  By anonymousiam 2023-09-2716:20

  The first few times I submitted suggested patches to the Linux kernel (before semi-automated submissions through the LKML were possible), I had a dialog with the maintainer (Ted Tso in this case). Once he was satisfied with the correctness of my work, he incorporated the patch and all was good. I never asked for, nor received any credit. I was solely interested in improving the kernel and not interested in getting my name in there. (My name ended up in the contributors list anyway for something else a few years later, but I never cared one way or the other.)

  By Ajedi32 2023-09-2714:175 reply

  He was credited. The commit says "Reported-by: Ariel Miculas" which seems accurate to me.

  By mfru 2023-09-2714:223 reply

  "Reported-by tag gives credit to people who find bugs and report them and it hopefully inspires them to help us again in the future." [1]

  Nothing about that says "I have debugged an issue and contributed actual code to fix it" in there.

  [1]: https://docs.kernel.org/process/submitting-patches.html#usin...

  By jxramos 2023-09-2715:06

  I agree, it obscures all the heavy lifting debugging and validating and certifying with strong confidence the fix works and continues to work, the guy even tested it on newer kernel releases. Someone who exudes that much perseverance should be welcomed with open arms. These are the kind of go getter get stuff done type of individuals every company longs for.

  By loeg 2023-09-2715:095 reply

  The thing non-kernel people (including this guy) don't seem to understand is that the debugging and investigation is much more valuable than the actual code fix. The author of the article and commenters here seem overfocused on the actual patch. But the valuable and hard part was identifying the issue. Reported-by gives credit for that.

  (Sure, in the same situation I would prefer to also be credited with authorship too. But I get it.)

  By matrss 2023-09-2715:251 reply

  Reported-by should go to the person who reported the issue 6 years ago. Finding the issue (again), investigating, debugging, fixing and testing that fix sounds more like a hypothetical "Fixed-by", or co-authorship, depending on how similar the final patches really are.

  Authoring the patch is often trivial once the debugging is done. Describing the debugging as just reporting is underselling it.

  By jacquesm 2023-09-2715:352 reply

  That's fair, but before you know it you're going to have a whole taxonomy of different kinds of contributions and there simply isn't one for 'x did RCA' and the fact that the original patch wasn't properly signed off as mentioned in the exchange with the kernel maintainer may have been all that stood between that and another level of accreditation. Which by the way wasn't responded to by the OP as far as I can see, even though the maintainer clearly mentioned it and the LKML list spells out that that is a requirement for accreditation.

  By jxramos 2023-09-2715:521 reply

  yah, this is a sticky point. This is one of those scenarios where I put the onus on the person more familiar with the process to inform others for these sort of nuances. Its one of those information asymmetry / familiarity problems. Maybe both were not well versed in the concept of coauthorship though to be fair and it didn't occur to either of them not knowing what they didn't know.

  By jacquesm 2023-09-2716:002 reply

  I suspect the maintainer never properly realized how much Co-authorship or authorship of the patch meant to the contributor (given that this was their first contribution), and that was probably informed by the size of the patch, the fact that the OP used their corporate email address and the fact that the patch was very small, required work wasn't properly formatted for immediate inclusion.

  One thing I've learned from this thread is that as maintainer of a FOSS package, especially a popular one you are always going to get yelled at (to the point that people will make up reasons and put words in your mouth for yelling at you), no matter what you do. People are literally calling for the maintainer to leave.

  By cutemonster 2023-09-280:03

  The maintainer would have been yelled at no matter what he did? That's an odd conclusion to make from that article.

  Or you're adding some personal other experiences? (What are those? People yelling at you because you did attribute someone for the work they did?)

  By dcow 2023-09-2716:481 reply

  [flagged]

  By jacquesm 2023-09-2716:572 reply

  My 'fixation' is that if you write a 1000 word angry blogpost attacking a kernel maintainer that you weren't properly credited that you could have at least submitted your patch properly formed. You seem to think that a sign-off is a formality, but it really isn't: it's to shield the kernel maintainers from copyright lawsuits by parties that surreptitiously include copyrighted code. It is a very important item on the checklist for a maintainer. You need to personally certify that you are able to make this particular contribution. See the LKML guideline for submitting patches that I've already linked to twice now.

  Having that present would have likely increased the chances of this thing never happening in the first place by a significant factor. Almost every large open source project has their own quirky bits like that and as a newcomer you should at least read the documentation on how to contribute if you want to contribute, especially if that documentation is readily available and meticulously kept up to date.

  Note that LKMS treats patches typically as proposals and not as must include verbatim or ignore and that by engaging the Linux kernel security mailing list a whole pile of mechanisms kicks in that remove options to play nice with newbie submitters and to help coach them through how to reach the state of the patch that would have been expected the first time around.

  OP is aiming a pretty heavy handed attack on a kernel maintainer (a thankless job on the best of days), does so by misrepresenting their interaction in ways that matter and on top of that couldn't be bothered to read the docs.

  By dcow 2023-09-2717:221 reply

  I follow your point about the OP maybe not understanding some context and well it's just a hard lesson learned.

  I don't follow your fixation on sign-off. I am familiar with the guidelines. Like I said, sign-off is clerical. Yes it's obviously important, but it's still clerical. Nothing you've said changes that.

  I agree there's obviously a middle ground here where both the maintainer was acting in the best interest of the community to get a security fix integrated and where the first-time contributor was perhaps miss-attributed in the commotion and feels slighted but also can learn a lesson. I'm not one of those out there calling for a witch hunt to cancel the maintainer (honestly I don't know where to those people are, but I'll take your word that you've encountered a few of them).

  Still, your fixation on "well Ariel didn't sign off on the commit so all's fair" is pretty dismissive of the work Ariel did to get to the patch. The bug was acknowledged and outstanding. This obviously wasn't something massively problematic or the original bug would have been fixed when it was reported (I guess maybe it was misunderstood and it really was serious, but I don't get that vibe), so I don't think we're dealing with a case of urgency trumping all human decency.

  At the end of the day, Ariel is a contributor. No not someone who has privileged commit access to the software, but a contributor to the project nonetheless, whether a maintainer copy-pasted the work or not. And hopefully someone who will continue to contribute in the future. I hope Ariel can come to see it that way whether the maintainer tries to make things right, or even just apologize for the confusion, or not.

  I don't read Ariel sharing his experience as an attack. I read it in his words as:

  > Well, I certainly didn’t feel inspired to get involved with the kernel community again. On the contrary, I felt belittled and angry that my work wasn’t properly recognized.

  > My first contribution to the kernel was a really frustrating and discouraging experience, dealing with people who do not think it’s important to get proper recognition for your work.

  I, at least, hold the "lkml bureaucracy" to higher standards.

  By jacquesm 2023-09-2717:361 reply

  He choose explicitly to bring the Linux security mailing list into this and that changed the playbook considerably. That changes the situation from one where you can take your time to coach the new person to one where speed is of the essence.

  Whatever work Ariel has done has been grossly negated by this attack piece, besides the fact that it omits and/or materially alters the nature of the interaction. At no point did the maintainer leave any doubt as to their intentions, nor was anything that happened unexpected. If you start off your career as a contributor to the Linux kernel by mailing the security mailing list then that requires you to do your homework because otherwise things will be out of your hands. If that was the OPs intention he would have done better to leave the security mailing list out of it and first strike up a conversation with the maintainer about what the best way to start contributing is (there are guides as well, but since he clearly wanted to target this particular subsystem that would have been a valid approach in my opinion).

  It's an attack to me because (1) it mentions an exchange that names individuals and (2) it does so using some very expensive words ('robbery'). That's not the kind of accusation that you make lightly and in this case I think it is vastly misrepresenting what actually happened. You only have to read the responses in this thread to OPs misrepresented account to realize how much effect such a thing can have.

  What happened is that someone new chose a wrong and ultimately broken way to submit a patch to LKML and that the maintainers did their best to get maximum mileage out of it without wasting time on formalities. Note that these are pretty busy people, to put it mildly and by mailing the security list you've just made them that much more busy still (even though, technically the patch was an improvement it still required work that then ended up becoming high priority).

  As for Ariel being a contributor: according to LKML he submitted a proposed patch that needed work, wasn't properly signed off and according to the git commit log he created a report. That's the extent of it, and that's fairly accurate given the standards for these things.

  If you want to argue that those standards need work then you may well have a point. But within the current framework this all was 'business as usual' and totally expected.

  By dcow 2023-09-2718:171 reply

  I'm not arguing with any established contribution process. I'm arguing with your interpretation of this entire issue because it's plain and simply uncharitable and wrong and furthermore doesn't come from any position of authority. You've littered the entire comments section with your snooty attitude and it really doesn't progress the dialog one bit. More importantly, it's not how a community should treat contributors which is why I'm even commenting in the first place. I can handle internet divas being pathetic asshats on HN when it's only hurts themselves. I can't handle the same at the expense of a well-meaning contributor who put in hard work to fix an issue that makes the kernel better for everyone and especially where it involves spreading blatant misinformation about how the kernel community supposedly is allowed to treat people, and takes liberties with IP law.

  I even tried to reach a middle ground understanding and you've doubled down asserting that there's no world in which the author's lived experience can be valid because he didn't initially add a signed-off-by line. If you actually read the post, the author spends most of the time describing the issue and the fix. He takes maybe 5 sentences to explain how he didn't feel like his contribution was accepted in a considerate manner and it's discouraged him from making further contributions. It's not some grand 1000 work attack and if anybody has the thick skin to withstand one of those it's the goliath of the LKML.

  Anyway, the author pretty explicitly states that he did go back and forth with the maintainer privately and provided a fixed up patch which addressed feedback he'd received on the first patch (presumably with a signed-off-by line, now) and the maintainer still didn't want to give credit. You've conveniently ignored this part of the narrative entirely. This really discredits your whole "it was a quick security list issue and wasn't even formatted properly lol this guy obviously deserves no respect for engaging the security list and generally being a noob" angle.

  Everything that we know points to the contributor trying to act responsibly by engaging the security list first since they didn't know the security impact of a possibly major security issue (overwriting the stack of a traced process). I completely fail to understand your logic whereby doing so means the OP obviously fucked up and deserves to have his contribution belittled and stolen and that's just life on the LKML... seriously I think it's time you just admit you're in the wrong here and stop shit posting.

  We've already been through the whole "you shouldn't need to have thick skin and tolerate insults and disrespect to contribute to the linux kernel" as a community. Linus even took a leave of absence over this shit. Your stance that this stuff is acceptable and par for the course is no longer the status quo. Grow up.

  By buzziebee 2023-09-2720:431 reply

  Not adding much to the conversation with my comment here, but I'd like to thank you for calling jaques out on their attitude.

  I've been trying to browse this thread and before I started checking usernames I got the the impression that there's a whole world of maintainers who think it's acceptable to be disrespectful to people spending a lot of time and effort on trying to contribute.

  It turns out it's just a few (very prolific) people creating a lot of negative noise across the thread. Thank you for stepping up.

  By dang 2023-09-295:00

  Hey, please don't cross into personal attack. You can make your substantive points without that.

  https://news.ycombinator.com/newsguidelines.html

  By shadowgovt 2023-09-2718:491 reply

  FWIW, that "Signed-off" gate isn't as solid a shield as one might want.

  If someone put the work in to identify a bug, contributed a fix, and that fix wasn't accepted but another fix inspired by the previous fix was accepted... That could be plagarism.

  Burden of proof is on the plaintiff to prove the fix was inspired by the RCA and proposed fix, of course, but this isn't exactly a clean-room work and kernel maintainers should probably be careful about taking ideas without signoff on the lead-in side too. There's a reason Marvel et. al. in the publishing world can't accept new character concepts.

  By yencabulator 2023-09-2722:121 reply

  The purpose of DCO is to move the guilt of plagiarism etc from the Linux kernel project to the individual contributor who added the Signed-off-by line.

  https://developercertificate.org/

  > (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

  etc

  By shadowgovt 2023-09-2722:33

  Indeed. What I'm saying is it might not work to remove that guilt if a bug is reported and a solution presented, and then instead of incorporating the solution presented the kernel team (without DCO in hand) fixes the bug using code that looks suspiciously inspired by the provided solution.

  This is murky enough that it would have to be decided in the court of law, but it's not cut and dry enough that it would be immediately thrown out of that court of law.

  By matrss 2023-09-2717:051 reply

  The patch I found was signed off. If it wasn't I fail to see how the maintainer could have legitemately signed off his own patch considering it was modified from or inspired by the original patch.

  By jacquesm 2023-09-2717:071 reply

  They went back and forth on that in email with the maintainer very clearly stating their intentions.

  By matrss 2023-09-2717:301 reply

  I did not find that yet. Can I read that anywhere?

  My understanding is that if the initial patch was not signed off then the maintainer could not sign off his patch, unless he wanted to take on the liability of certifying that the contributor was indeed allowed to contribute the initial patch under whatever license we are talking about here. That sounds like a legal risk I would not be willing to take.

  By jacquesm 2023-09-2717:421 reply

  Yes, and that was one of the reasons the maintainer rewrote it (which wasn't a lot of work since it was a tiny patch anyway).

  The OP has submitted a link to an email archive further down in the thread.

  By matrss 2023-09-2718:54

  I see which email thread you mean now. AFAICS OP submitted the patch with a proper sign-off again approximately 6 hours after they were told the sign off was missing. So I don't see how that could have been an issue. The maintainers patch is from more than a week later.

  > Yes, and that was one of the reasons the maintainer rewrote it (which wasn't a lot of work since it was a tiny patch anyway).

  I don't think a simple rewrite is enough to convincingly solve the described problem. There is a reason "clean room design" exists and considering the maintainer read the original patch first before creating their own there is a good argument that they were at least subconsciously inspired by the original patch and therefore plagiarized. That is how I understand the legal aspects of this, anyway.

  By CydeWeys 2023-09-2715:14

  Reporting a bug is a lot less credit than debugging and fixing a bug. He did the latter, even if his exact fix didn't end up being the one merged into the repo.

  Generally most of the work occurs after a bug is reported, as it did here.

  By bluGill 2023-09-2715:55

  Which is all the more reason to give good credit. I have to justify effort I do on company time to my boss. If I had to put in months of work on company time, that needs to be clear to my boss's boss who may not know anything about programming but signs the check. Such people think writing code is the hard part, so it is easier to justify the costs if I'm given credit for writing code for several months (even though the code itself took a couple hours)

  By gorjusborg 2023-09-2717:33

  I'm pretty sure most software people do understand that the work leading up to the fix was the most valuable part.

  I feel like what some people don't understand is that there are contributions like this all the time, and it is often better to take the submitted code as a proof-of-concept than bring a newcomer up to speed on the maintainers' coding standards.

  By FireBeyond 2023-09-2715:371 reply

  And when your fix was the actual fix, but the maintainer rewrote it stylistically? Why should the maintainer get that credit?

  By loeg 2023-09-2720:14

  The author's proposed patch had issues raised in review that were never addressed. I disagree with the characterization that the differences between the two authors' patches were purely cosmetic.

  By Ajedi32 2023-09-2718:012 reply

  There's no such thing as a "have-debugged-and-contributed-actual-code-to-fix-it:" tag. He didn't write the actual commit that fixed the issue, so he was credited in the commit message instead. That seems fine to me. The fact that they didn't include an entire paragraph detailing the exact nature of his contribution isn't a reason to blow this up into some big community drama with over 500 comments on Hacker News.

  By Snild 2023-09-2718:361 reply

  > There's no such thing as a "have-debugged-and-contributed-actual-code-to-fix-it:" tag.

  "Based-on-patch-by:" and/or "Root-caused-by:" comes pretty close, I think.

  It may seem like a small difference, but I understand the author's disappointment.

  By Sprocklem 2023-09-2721:181 reply

  Those might be better, but neither is a tag that is used in kernel commits. There is a list of specific tags that are used, and specific conditions on their use. "Reported-by:" was not a wholly arbitrary choice of words by the maintainer.

  By Snild 2023-09-284:20

  AFAIK, there are no rules limiting what tags you may use -- you can make up your own if you like. And people have. Here's what the kernel git says right now:

      linux$ git log | sed -nE 's/^ *([^ ]+-by:).*$/\1/p' | tr '[:upper:]' '[:lower:]' | sort | uniq -c | egrep -v ' [0-9] '
           20 ack-by:
           74 acked-and-tested-by:
       195801 acked-by:
           24 acked-for-backlight-by:
           49 acked-for-mfd-by:
           19 acked-in-principle-or-something-like-that-by:
           21 acked-off-by:
           10 analysed-by:
           47 analyzed-by:
           26 based-on-a-patch-by:
           97 based-on-patch-by:
           15 based-on-work-by:
          128 bisected-by:
           18 boot-tested-by:
           37 build-tested-by:
          147 co-authored-by:
         4779 co-developed-by:
          175 debugged-by:
           60 diagnosed-by:
           11 disliked-by:
           11 eviewed-by:
           51 fixed-by:
           18 fix-suggested-by:
           32 found-by:
           48 generated-by:
           19 improvements-by:
           79 inspired-by:
           18 located-by:
           10 not-acked-by:
           86 noticed-by:
           30 original-by:
          140 originally-by:
           95 original-patch-by:
           44 pointed-out-by:
           14 proposed-by:
           10 reivewed-by:
           22 reported-and-acked-by:
           12 reported-and-analyzed-by:
           77 reported-and-bisected-by:
           12 reported-and-debugged-by:
           23 reported-and-suggested-by:
         3017 reported-and-tested-by:
           21 reported-bisected-and-tested-by:
        58990 reported-by:
           11 requested-and-tested-by:
          363 requested-by:
           10 review-by:
           55 reviewd-by:
          513 reviewed-and-tested-by:
       304543 reviewed-by:
           16 reviewed-off-by:
           67 reviwed-by:
           11 root-caused-by:
           29 sigend-off-by:
           10 signed-by:
          157 signed-of-by:
      2253448 signed-off-by:
           59 singed-off-by:
           54 spotted-by:
           32 suggested-and-acked-by:
           12 suggested-and-reviewed-by:
           17 suggested-and-tested-by:
        15568 suggested-by:
           48 tested-and-acked-by:
           22 tested-and-reported-by:
           35 tested-and-reviewed-by:
        62630 tested-by:
           12 verified-by:
  
  

  My suggestions are both there (far less often than "Reported-by:", but that's not surprising). I think "Analyzed-by:", "Debugged-by", "Diagnosed-by", "Originally-by:", or "Original-patch-by:" would also have worked.

  If you don't filter out the tags with less than 10 uses, there are some fun ones. For example, "You're-my-ding-a-ling-by:" should be used more often. :)

  By bonzini 2023-09-2720:15

  There is Analyzed-by, it's not super common but in the end you can make up whatever *-by you want. You can also say "Thanks to ... for analyzing the issue and suggesting a possible fix".

  By kevincox 2023-09-2714:241 reply

  I think it depends a lot on how much the final patch was based on the one he wrote. There are a few phases of solving an issue:

  Identified: They have found an issue and reported it.

  Debugged: They found the cause of the issue.

  Fixed: They wrote the fix.

  It seems that Ariel should be credited for somewhere between Debugged and Fixed. But is only explicitly given credit for the first "tier" of solving the problem. It would have been nice to explain a bit more the work that Ariel put in.

  But I agree that I wouldn't expect an inferior (by the maintainer's perspective) patch to be included just to give that credit. But a sentence explaining how Ariel contributed would likely be much appreciated.

  By leereeves 2023-09-2714:332 reply

  Unfortunately the author wasn't comfortable sharing his patch ("this mailing list is private so I cannot link to the original patch I sent"), but a comment now buried deep in the discussion [1] says:

  > The only difference between the patch that was accepted and the one that was proposed is where the fix is. In one case it's in an ifdef outside of an if. In the other it's in an inner if statement. That's it. This is a difference in style not a technical difference in the patch at all.

  It sounds like the author wrote the fix and the maintainer merely edited it to fit the project style.

  If that truly is all that was done, how hard would it have been to ask the author to quickly make that change?

  1: https://news.ycombinator.com/item?id=37672558

  By bluGill 2023-09-2714:431 reply

  IF the patch was only edited for style or other minor issues, then the copyright remains with the original contributor. If the patch was completely rewritten from scratch and is very different then not. (linux does not require copyright attribution)

  If the poster wants to get a lawyer he can probably force rewriting git history to give him credit. Is it worth it - probably not.

  By jacquesm 2023-09-2714:532 reply

  But the OP has copyright. The LKML archive is there for everybody to see, they wrote a bit of code. That code was then modified and that modified version was entered into the repo under the maintainers name, as it usually goes. And that's because when you mail LKML you play by their rules, which have been made very explicit:

  https://www.kernel.org/doc/html/v4.17/process/submitting-pat...

  Note the bit about the Co-developed-by tag:

  "A Co-Developed-by: states that the patch was also created by another developer along with the original author. This is useful at times when multiple people work on a single patch. Note, this person also needs to have a Signed-off-by: line in the patch as well."

  and

  "Note, you did not properly sign-off on this commit, so it couldn't be applied anyway :("

  From the exchange between the OP and the kernel maintainer. Which may have been the whole issue.

  By bluGill 2023-09-2715:511 reply

  None of that changes the fact that the original patch is copyright by the author, and it is highly likely the courts will consider the changes style issues which do not change copyright ownership. Unless the kernel maintainer can show he didn't look at the patch, only the description of the issue and then recreated the patch from scratch.

  By jacquesm 2023-09-2716:062 reply

  Oh, we're going to court now?

  Seriously, this is getting way out of hand: when contributing to a project that has been going for more than a few decades you need to first familiarize yourself with how things are done to set your expectations for the interaction appropriately. The Linux kernel group does a pretty good job and they have their own ways of doing things. It's custom - and polite - to get the lay of the land before yelling 'robbery' when what actually happened is exactly what is supposed to happen: the bug got fixed, you got credited for the report and the maintainer spent some of their - precious - time on getting your proposal - because that is what a patch sent to LKML is - fixed and included.

  And that's ignoring for the moment the fact that the interaction wasn't at all like the OP suggested it was.

  By bluGill 2023-09-2717:391 reply

  Going to court about this is a right. It might not be a good idea, it might not be worth it, but it is a right.

  > The Linux kernel group does a pretty good job and they have their own ways of doing things

  I'm not saying otherwise. However their own ways of doing things appear to be illegal in regard to copyright, and if so they need to change. Yes the maintainer spent time, but it appears like more credit is being claimed by the maintainer than is deserved, credit that should go to the patch submitter. It doesn't matter if this is normal Linux process, it is still wrong and the maintainers should change their process to be morally correct.

  Of course I don't know if the interaction was as OP claims or not. I'm not really interested in digging into it more. Unless I'm on a jury I won't (and a jury is not allowed to dig into it - but that is a different discussion)

  By jacquesm 2023-09-2717:56

  > However their own ways of doing things appear to be illegal in regard to copyright, and if so they need to change.

  I think they're doing things as 'by the book' as possible.

  > Of course I don't know if the interaction was as OP claims or not.

  Well, he documented it twice and those two accounts differ considerably.

  > I'm not really interested in digging into it more. Unless I'm on a jury I won't (and a jury is not allowed to dig into it - but that is a different discussion)

  Who will the OP sue?

  For what exactly?

  In which court?

  None of this makes any sense. If you think the possible outcome of submitting an unsolicited small and broken patch to a security mailing list of a major FOSS project is going to result in you taking anybody to court for copyright infringement then it probably is a great idea not to contribute at all, this will save everybody time and grief. Besides that: the OP - as far as I'm concerned - has copyright to their contribution to LKML, note that nobody except for the OP claims that this is not the case.

  It's interesting how for instance all of the comments written in this forum are technically copyrighted by their writers. But you don't control them after submitting them because of the way the forum is structured, the jurisdiction that it is run from and the expectations that come with forum comments. LKML patch submissions are like that as well: they come with a whole pile of baked in assumptions that the OP apparently wasn't familiar with. The idea that each and every minor patch author, especially of patches that are broken and that do not contain required elements is going to end up being hand-held through the process of making a proper contribution is ridiculous.

  The maintainers work-load is such that the pay-off is that your contribution is looked at at all, better still if it results in a fix (even if it isn't literally yours). And if you want credit then you should at least state that up front so that the maintainer has a chance to work with you out of the spotlight until you're ready to submit your patch publicly.

  Threatening to sue on account of something like this is exactly why I would never be the maintainer of a major open source project, life is too short to deal with all the drama and entitlement.

  By worewood 2023-09-2716:332 reply

  If it were me I wouldn't think it was getting out of hand. Kernel contributions are the kind of thing that goes on your resumé and can land you a dream job. I would look into courts too.

  By jacquesm 2023-09-2717:02

  Then please never submit any patches to LKML because the last thing a maintainer needs is a court case from some entitled newbie that can't be bothered to read the documentation and on top of that is so focused on accreditation that they are willing to go nuclear over a teensy contribution.

  FWIW a submission to LKML does not come with any kind of guarantees for either accreditation, use, timeliness or consideration. You are making a small gift to the Linux kernel and all of its users and as such you are being thanked. Hopefully you got more value out of the Linux kernel than you contributed on account of the work that others have put in. The LKML record will suffice to prove your claims of copyright but realize that your work does not stand on its own, it is always going to be within a larger context. Try affixing a (C) Worewood to a patch you intend for inclusion and send it to LKML and see how you'll fare.

  By dfox 2023-09-2717:30

  The fact that this kind of kernel patch is in any way relevant to one's resume is exactly the thing that is getting out of hand. And the author links to his linkedin profile in the footer, and well, the reference to this patch/contribution/whatever is there, unsurprisingly (and it is the only thing there that they cared about enough to expand upon).

  By FireBeyond 2023-09-2715:382 reply

  > From the exchange between the OP and the kernel maintainer. Which may have been the whole issue.

  Well, if it was, the maintainer didn't communicate that well/at all:

  "I prefer my version".

  By jacquesm 2023-09-2715:47

  That was made up by the OP.

  By rewmie 2023-09-2717:39

  > Well, if it was, the maintainer didn't communicate that well/at all:

  You're making the mistake of accepting at face value a one-sided account of an issue, and in the process failing to even check what the answer actually was.

  By ariel-miculas 2023-09-2715:331 reply

  It's now available here: https://www.mail-archive.com/linuxppc-dev@lists.ozlabs.org/m...

  By hluska 2023-09-2716:021 reply

  Many are asking and I’d like your thoughts. Why did you misrepresent their words to the extent you did?

  By ariel-miculas 2023-09-2719:401 reply

  I don't have access to the private emails between me and Michael Ellerman anymore because I exchanged emails with him from my work email address. I've switched companies since then so unfortunately I don't have access to that conversation anymore. I do remember he pointed me to another bug that I could fix if I wanted to become a Linux kernel contributor. The first part I was paraphrasing from what I could remember.

  By hluska 2023-09-2810:59

  [flagged]

  By m000 2023-09-2715:263 reply

  Reported by would be appropriate credit if (a) the maintainer did not read Ariel's code or (b) Ariel's code was utter crap, so it was effectively discarded.

  "I like my code better" indicates that neither of this happened. So, Ariel deserves (at least partial) credit for fixing, since this was not a "clean room" fix.

  By nolist_policy 2023-09-2715:59

  "I like my code better" is not what the maintainer said[1]:

  > Hi Ariel,

  >

  > I've added Christophe to Cc who works on ppc32.

  >

  > I haven't actually reproduced the crash with gdbserver, but I have a

  > test case which shows the bug, so I've been able to confirm it and

  > test a fix.

  >

  > Thanks for your patch, but I wanted to fix it differently. Can you try

  > the patch below and make sure it fixes the bug for you?

  >

  > I've also attached the test case I've been using.

  >

  > Christophe are you able to test these on some 32-bit machines? I've

  > tested it in qemu and on one 32-bit machine I have here, but some more

  > real testing would be good.

  >

  >

  > If the patch works then I'll need to do manual back ports for several of

  > the stable kernels, and then once those are ready I will publish the

  > patch.

  >

  > cheers

  >

  > [...]

  [1] https://lists.ozlabs.org/pipermail/linuxppc-dev/2022-June/24...

  By dfox 2023-09-2716:01

  Except nobody said “I like my code better”. Or even pointed to another issue for OP to fix. See https://lists.ozlabs.org/pipermail/linuxppc-dev/2022-June/24...

  By dorfsmay 2023-09-2715:482 reply

  And if Ellerman did not want to spend time going back and forth, he could have accepted Ariel's patch then immediately modify in a new commit.

  By jacquesm 2023-09-2715:50

  For that it would have to be properly signed off. This was explicitly noted in the exchange and not remedied by OP.

  By opello 2023-09-285:21

  Why introduce risk in a bisect? A Co-developed-by or another appropriate attribution tag should solve this nicely?

  Lots of options it seems: https://news.ycombinator.com/item?id=37685190

  By bitcharmer 2023-09-2714:283 reply

  "Reported-by" is absolutely not the appropriate level of recognition for Ariel's input. This would be suitable if he just raised the issue with the maintainer along with some context. Instead, he put a lot of work into figuring out the nature of the problem and implementing a fix.

  This is very unethical conduct on the maintainer's part.

  By jacquesm 2023-09-2714:433 reply

  > This is very unethical conduct on the maintainer's part.

  And this is why finding good maintainers for visible FOSS projects is hard.

  You know what's unethical conduct? Misrepresenting someone's words in a way that make them look bad.

  The maintainer did exactly what they usually do, I see absolutely nothing unexpected here, note that this was an unsolicited patch sent to a security mailing list. And this is typically how those are dealt with. To claim 'unethical conduct' is one small step removed from a formal complaint about the maintainer, and which is exactly the wrong message to send here. Witch hunts like this cause good people to leave FOSS projects. The maintainer could have given more credit but chose not to, that's the rules you play by when sending in unsolicited patches. If you must have credit then you should not contribute in this fashion.

  By leereeves 2023-09-2714:491 reply

  > The maintainer could have given more credit but chose not to, that's the rules you play by when sending in unsolicited patches

  Is something like "we may accept your work and choose not to give you credit" actually stated somewhere when you sign up for or submit to that security mailing list?

  Because that's certainly not the usual rule for unsolicited work in other contexts.

  By jacquesm 2023-09-2714:561 reply

  You can read the LKML mailing list page for submitting patches:

  https://www.kernel.org/doc/html/v4.17/process/submitting-pat...

  Absolutely nowhere does it say that accepting your patch will lead to you automatically being given kernel contributor status, and to require that status on the basis of committing a single tiny patch that wasn't properly signed off and required work shows a different set of expectations than one that I would see as reasonable.

  By FireBeyond 2023-09-2715:432 reply

  To me there's a difference between having a commit bit ("kernel contributor status") and having a contribution that was accepted into the kernel.

  Now to look at this patch it looks Michael took the report, debugged, tested, and resolved the issue, when all he actually did is move a single line to outside of a conditional.

  > and required work shows a different set of expectations

  You're really stretching here, the only "required work" missing was a sign off, which Michael could have given.

  In any other environment, this would be plagiarism. And it looks morally poor.

  By jacquesm 2023-09-2715:491 reply

  Well, we're going to have to differ on that then. Michael - in my opinion - properly credited the OP for his contribution, he could have done a longer back and forth to coach the OP to present the 'perfect patch' but this is the wrong venue for that.

  Besides that the OP misrepresented the interaction to a degree that he loses my sympathy, he makes the maintainer come off like a dick when in fact that wasn't the case at all, the interchange was polite and to the point and exactly in line with what I'd expect from a kernel maintainer.

  By dcow 2023-09-2716:33

  [flagged]

  By yencabulator 2023-09-2722:21

  > To me there's a difference between having a commit bit ("kernel contributor status") and having a contribution that was accepted into the kernel.

  Who do you think has the commit bit on the Linux repo? Hint: kernel contributors don't.

  By peyton 2023-09-2714:53

  10–20 good patches is probably the minimum baseline for a contributor. Merging a couple if statements into mainline verbatim is pretty iffy. This guy’s expectations are whack.

  By wang_li 2023-09-2715:212 reply

  [flagged]

  By jacquesm 2023-09-2715:231 reply

  I don't think suggesting the current maintainers of the Linux kernel taking a hike is a very productive angle.

  By stonogo 2023-09-2716:211 reply

  I don't think extrapolating "one person who acts badly not being much of a loss" to "all maintainers should leave" is a good interpretation of what was said.

  By jacquesm 2023-09-2716:311 reply

  If this person is a wanker they all are, if this person should leave they all should leave. Absolutely nothing happened here that warrants such a response.

  By wang_li 2023-09-2716:401 reply

  [flagged]

  By jacquesm 2023-09-2717:041 reply

  You really should familiarize yourself a bit more with how contributions to the kernel work, especially because there is an excellent document that lays out exactly how contributions to the kernel are handled.

  You can find it here:

  https://www.kernel.org/doc/html/v4.17/process/submitting-pat...

  By wang_li 2023-09-2719:051 reply

  No part of that document details out that if you fail to follow their exact ritual then they get to steal your code and include it as their own. In comments all over this thread you go on about OP not following the proper ritual to appease the Greg Kroah-Hartman, for the code not being significant enough, for being unsolicited, for not being exactly as some random maintainer would like it. None of that matters. What matters is that this guy's code is in the kernel, unattributed, with minimal changes. If the kernel maintainers feel the ritual wasn't followed, then they can reject the patch, not steal it.

  By jacquesm 2023-09-2719:281 reply

  > If the kernel maintainers feel the ritual wasn't followed, then they can reject the patch

  That's exactly what they did.

  By wang_li 2023-09-2720:441 reply

  What a strange definition of rejected.

  Keeping 97% of the patch and changing 3% of the patch isn't what anyone would considered rejection.

  By afr0ck 2023-09-281:271 reply

  Seeiously, what are you expecting from Michael? Go back and forth with the newbie until he makes a perfect patch? Sorry, but that's bullshit and clearly a horrible use of a maintainer's time. Michael did his best by fixing the patch and incorporating into the kernel and properly giving credit to the newbie by using the "Reported-By". The fact that there isn't a proper tag to describe the newbie's case is not Michael's fault. Maybe the kernel should add a "Debugged-and-fix-suggested-by", but I also think this is bullshit.

  By foldr 2023-09-288:001 reply

  As noted elsewhere in the thread, there is no fixed set of tags that Michael was limited to choosing from. And he has now acknowledged that the use of Reported-By was incorrect:

  https://www.mail-archive.com/linuxppc-dev@lists.ozlabs.org/m...

  By afr0ck 2023-09-2818:591 reply

  Again as I said, maybe "Reported-By" was not the most correct tag, but it still attributes some form of credit to the newbie. I just think that's too much woke culture and self entitlement from the newbie. You just have to work harder and up your skills to match the maintainer's standards before you can be called a kernel hacker. One or two patches, imho, is not enough to be called a kernel hacker, especially when it's only about fixig a bug. I fixed many similar obscure bugs. Writing a precise algorithm for Automatic NUMA balancing is a true kernel challenge for which one deserves to be called a kernel hacker.

  When I started contributing to the kernel, it was super painful and I failed multiple times. I got super harsh comments (someone called me "retard. It was fun, I laughed, eventually part of my work gor merged) but I always respected the maintainers and I was eager to better myself and improve my analytical and development skills with an open mind to be as sharp as the senior hackers. I always looked up to them and never thought in the same way the newbie did when my patches got re-written or dismissed. I just considered myself "not good enough" and I felt "I had to work harder and smarter".

  By foldr 2023-09-2819:331 reply

  It is irrelevant whether or not anyone considers this guy a 'kernel hacker', because all he wanted was proper credit for the work he did, not a shiny gold badge with 'kernel hacker' written on it. There is never any excuse for failing to credit people's work. It seems you agree that he was not properly credited in this instance (and indeed Michael acknowledges this in his apology).

  Your second paragraph is the same logic that frats use to defend hazing rituals. (I went through it, so why shouldn't the new guy?)

  Introducing the word 'woke' into this discussion can't possibly be a good idea.

  By afr0ck 2023-09-2823:161 reply

  In my opinion, it's all market economics that decide how things work. The moment you introduce a complex courting procedure, where maintainers are required to be nice and acknowledge every little detail and guide the newbies through every half-baked contribution, you'll kill the project. That's because what keeps the maintainers and the senior contributing and maintaining is the technical work and not the human work. Most maintainers would rather spend their time exploring, contributing and doing technically useful stuff than making every newbies happy and welcome and teach ing them to be smarter and better developer. Such a project will automatically loose the ultra smart, self-driven people that keeps projects like the Linux kernel relevant for more than 30 years. It's all market economics.

  By foldr 2023-09-297:00

  No, it’s simple ethics and nothing more: credit where credit is due.

  The maintainer said this guy ‘reported’ the bug when he’d actually diagnosed and fixed it. That was a mistake which the maintainer since apologized for, and the mistake could have been avoided without any additional time and effort on the maintainer’s part simply by using a more appropriate tag.

  You are really going off into outer space with this stuff about ‘market economics’ and ‘complex courting rituals’. In my experience, whenever I need to make very complex and wide-ranging arguments to justify my behavior, it usually means that I’m the asshole.

  By nolist_policy 2023-09-2716:15

  Are you ready to take his place?

  By nemetroid 2023-09-2716:16

  The "Reported-By" must be read in the context of the patch carrying that tag, and not in the context of the blog author's initial issue. The accepted patch has the following title:

  > powerpc/32: Fix overread/overwrite of thread_struct via ptrace

  Miculas is credited with identifying the low-level issue: ptrace is overwriting thread_struct. To me, that does recognize that Miculas did significant analysis work.

  By amatecha 2023-09-2714:521 reply

  Yes, it should have been under "Co-developed-by".

  By jacquesm 2023-09-2715:191 reply

  No, because as the exchange between the maintainer and the OP explicitly mentions it wasn't properly signed off on. That's the requirement for that particular tag: that a submission is in principle ready to be applied.

  By FireBeyond 2023-09-2715:442 reply

  Tell us, what "development" did Michael do that warranted him getting credit, and the OP not?

  By avgcorrection 2023-09-2721:23

  The sticking point here seems to be the DCO, which the “signed off by” thing attests. With that attestation other people who sign-off to the DCO can carry the patch forward (maximum to a pull request against Linus' tree). Without it though you have a broken chain.

  But it ain't much of a sticking point. Most of the time it is just an oversight that can be pointed out and corrected. All it takes is for the maintainer to point it out and ask for it and then then the author to do it. (The patch author themselves need to do it or else there wouldn't be a point to the sign-off; forging a sign-off would defeat the purpose.)

  By jacquesm 2023-09-2715:47

  Kazinator did a pretty good job at that, besides: Michael is not taking any credit, LKML is there for all to read.

  https://news.ycombinator.com/item?id=37675544

  By kazinator 2023-09-2714:57

  Reported-by doesn't specifically express the idea that Miculas investigated the problem through to the root cause.

• By kazinator 2023-09-2714:558 reply

  The maintainer's patch is better.

  1. It doesn't lose the fpidx < (PT_FPSCR - PT_FPR0) test from the 32 bit case.

  2. In the put function, it doesn't lose the *data = child->thread.fp_state.fpscr; fallback assignment, which is taken when fpidx is out of bounds.

  3. It avoids the pointless FPRINDEX macro which reduces to identity if TS_FPRWIDTH is 1. The original patch's commit message says "On PPC32 it's ok to assume that TS_FPRWIDTH is 1", but then includes this anyway:

    #define FPRNUMBER(i) (((i) - PT_FPR0) >> 1)
    #define FPRHALF(i) (((i) - PT_FPR0) & 1)
    #define FPRINDEX(i) TS_FPRWIDTH * FPRNUMBER(i) * 2 + FPRHALF(i)
  

  Sorry, just because you found this trivially fixable array mismatch doesn't mean your buggy patch has to be accepted the way it is.

  The maintainer should, however, acknowledge that Miculas didn't simply report the problem, but that Miculas investigated identified the root cause, and had his own version of almost the same simple fix.

  "Reported-By" lacks the precision to express that it was thoroughly investigated by that party, and root-caused.

  By bhouston 2023-09-2715:324 reply

  I agree that the maintainers work is better. But he could have just done this as a code review on the patch and ask for an update.

  That happens constantly for new contributors to a project and it is the proper way to do things - it teaches people and brings them up to speed. If you just redo their work, you are discouraging them from contributing while also not allowing for a teachable moment.

  By hnfong 2023-09-2716:417 reply

  I looked at the two patches, and TBH the time taken to write the final correct patch would be a fraction of the time needed to explain how to write a better patch.

  In a company where people are expected to stay around for a while, it may make sense to invest time to bring juniors up to speed. But I wonder whether that's true for OSS projects in general. A person randomly shows up to report and attempt fix a bug in an "obscure"(?) architecture -- this is not a junior who just joined the team, and they have no commitment to stick around to do more contributions.

  In this case, from a utilitarian perspective, it doesn't seem obvious the maintainer should spend the extra time coaching.

  This might be a minority view here, but TBH I don't think anyone should be obliged to go out of their way to spend extra time and effort to avoid offending a random person on the Internet.

  By bhouston 2023-09-2717:082 reply
  > TBH the time taken to write the final correct patch would be a fraction of the time needed to explain how to write a better patch.
  This is always the case for a senior developer dealing with a junior developer. Basically your argument is that junior developers shouldn't try to contribute and if they do, they will just be rejected out of hand if they make any mistakes. Okay.
  > But I wonder whether that's true for OSS projects in general. A person randomly shows up to report and attempt fix a bug in an "obscure"(?) architecture -- this is not a junior who just joined the team, and they have no commitment to stick around to do more contributions.
  If you treat people like crap, they won't stick around. So it is a bit of a self-fulfilling prophecy.
  I think that great OSS leaders are few and far between. One that I can think of that I've worked closely with for a decade is mrdoob of Three.js. Humility, openness, focus and good people skills. I cannot approach his skill set here, and in part that is why I respect it so much. He achieves a lot and there are hundreds of contributors to Three.js of all different skill levels. And he definitely is not going around rewriting simple PRs just because he can and instead he and others are coaching and encouraging the community. This is why Three.js thrives.
  I think this particular OSS developer isn't leader and is more of an individual contributor type who doesn't collaborate well. That is okay. It is unfortunate that his behavior is reflecting poorly on the Linux project, but that is who he is.
  By hnfong 2023-09-2718:45

  > Basically your argument is that junior developers shouldn't try to contribute and if they do, they will just be rejected out of hand if they make any mistakes. Okay.

  I don't think that's as wrong as it sounds. There are projects and codebases that are more or less "done" (and heading towards obsolescence) and aren't worth it to expend resources for juniors to learn how to work on them.

  It's usually much more rewarding to have junior developers try to implement something "new" instead of fixing obscure bugs on a stable codebase. There's much more leeway for mistakes in new features, there is less/no learning curve to grok the intricacies of the existing code, and fewer surprising edge cases that the juniors would inevitably miss because they haven't been stung by it 10 years ago.

  As I mentioned, it's up to the projects themselves to decide how much they want to expend extra resources in bringing up potential new contributors. As with most things in software engineering, it's a trade off.

  And yes, the OP feeling angry with the way the kernel maintainer handled this issue could be said to be a trade off as well. I think the only thing that's unfair about this discussion is that you and maybe a hundred others are making claims about the kernel maintainer ("isn't leader", "behavior reflecting poorly on the Linux project", "treat people like crap") for allegedly misattributing credit for a less than 20 line patch.

  Imagine a minor mistake you made 1.5 years ago making the front page of HN and hundreds of people slinging insults at you. I wonder how that feels. Quoting from you:

  > If you treat people like crap, they won't stick around.

  By arp242 2023-09-2719:211 reply

  > I think that great OSS leaders are few and far between.

  We can also revert this and say that great contributors are "few and far between".

  Collaboration, patience, and empathy is a two-way street. Could the maintainer have done better? I guess; I would have done things a bit different. Then again, maybe their dog died that morning and they were in a foul mood? I'm not joking: people aren't perfect, they have good and bad days for all sorts of reasons, etc. Everyone makes a mistake now and again.

  But whatever this maintainer could have done better, this blog post also isn't a good look: sour grapes a year and a half later and making a big deal out of what is really a singular minor personal conflict (and with some misrepresentations to boot). Now, maybe the author's dog died this morning, so I'm not going to attach any far-fetched conclusions about this person, or about Cisco, because again, everyone has bad days and no one is perfect.

  Making a big deal out of any mistake or conflict is also toxic, as is making rather strong conclusions about a person based on a single event.

  By bhouston 2023-09-2719:32

  > But whatever this maintainer could have done better, this blog post also isn't a good look

  You are correct, I definitely would not have written that blog post either.

  > Making a big deal out of any mistake or conflict is also toxic, as is making rather strong conclusions about a person based on a single event.

  I believe what you are describing is formally called the Central Attribution Error (CAE.) https://ethicsunwrapped.utexas.edu/glossary/fundamental-attr...

  You are right, I should edit my original comment to remove my speculations that are probably based on CAE but it is now locked for editing.
  By kazinator 2023-09-2717:041 reply
  Not really.
  1. Please don't drop cases from your #if CONFIG_PPC32 blocks that are handled on 64 bit. You can use if (IS_ENABLED(CONFIG_PPC32)) instead of #ifdef so the only difference is in the array access.
  2. Please remove the FPRINDEX macro; as you note in your commit message, we can assume TS_FPRWIDTH is 1.
  The maintainer also wrote a long and detailed commit message in his own version of the patch; he had time to explain things.
  In this exact situation, I would possibly have made the code adjustments myself and written "patch provided by Ariel Miculas". Then send an e-mail saying that I made a few minor tweaks to your patch, here is what it looks like.
  "patch provided by" tells the truth: that person provided a working patch. It doesn't say that the patch they provided is precisely this one.
  By jacquesm 2023-09-2718:13

  A maintainer can't approve a patch that wasn't properly signed off, that's one of the very few rules set for patch submission that has nothing to do with the code but everything to do with the legal implications of including code that isn't properly attributed and an essential part in keeping the Linux kernel unencumbered.

  This is not some rubberstamp formality, it is an actual declaration of authorship and shields the kernel maintainers from possible claims of copyright infringement.
  By mplewis 2023-09-2717:08
  You're missing the point. "I can do it faster" discourages new contributors from wanting to help out ever again.
  By Arnavion 2023-09-2718:451 reply
  >A person randomly shows up to report and attempt fix a bug in an "obscure"(?) architecture
  Everyone involved in this story, both the original author, the second person who authored the patch, and the maintainer who reviewed it, are on the mailing list for that obscure architecture. It's obvious that they all care about it. Its "obscurity" in your eyes is irrelevant.
  >In this case, from a utilitarian perspective, it doesn't seem obvious the maintainer should spend the extra time coaching.
  https://news.ycombinator.com/item?id=37675328
  By hnfong 2023-09-2719:401 reply

  > https://news.ycombinator.com/item?id=37675328

  I was replying to a specific comment suggesting that the maintainer should do a code review, give comments and ask for an update to the patch, instead of rewriting the patch. Quoting my words out of context isn't helpful here.

  By Arnavion 2023-09-2720:04

  And my point was that from "a utilitarian perspective" there's a middle ground between "coach the original author to produce a better patch" and "commit your own patch without crediting the original author"; it's "commit your own patch while crediting the original author". There's no "out of context" quoting in my comment.
  By timeon 2023-09-2717:59
  > a fraction of the time needed to explain how to write a better patch
  He apparently had six years (since bug was reported) to do it. I think he surely could spend some time.
  By tjoff 2023-09-2716:48
  The time to write the patch is insignificant in this context.
  By that_guy_iain 2023-09-2716:511 reply
  I would say that the author stated he asked for his patch to be accepted so he could be a contributor implies they weren't planning on contributing more. So it doesn't seem like a sceranio where they should spend that extra time.

  By fsdjkflsjfsoij 2023-09-2715:583 reply

  A lot of these maintainers are already overworked and don't have time to tutor every single person that wants to put kernel contributor on their resume. A lot of people have this extremely idealistic view of open source but the reality is that the vast majority of patches you receive will be atrocious and you shouldn't have to tutor every single "potential" contributor. This case is even worse since this issue was posted to a security mailing list which means time to resolution is important.

  By caconym_ 2023-09-2716:304 reply

  > A lot of these maintainers are already overworked and don't have time to tutor every single person that wants to put kernel contributor on their resume.

  This seems like a very cynical view of what happened here, and completely unfounded.

  Obviously these big open-source projects need gatekeepers, but if the gatekeepers often make aspiring contributors feel violated and humiliated rather than offering feedback to get their initial contributions across the finish line, general interest and enthusiasm for contributing are going to dry up. Maybe that's by design, but it doesn't feel sustainable in the long term.

  By hnfong 2023-09-2716:513 reply

  It would be quite sad if we've gotten to a point where saying "I think my patch is better than yours" from a domain expert to a newbie is considered humiliating and violating.

  Talking about utilitarian consequences, Linus had been way worse and while I fully agree from a moral perspective that his most extreme behaviors were bad, from a purely utilitarian perspective that didn't prevent Linux from being one of the most successful OSS projects out there.

  By caconym_ 2023-09-2716:561 reply

  > It would be quite sad if we've gotten to a point where saying "I think my patch is better than yours" from a domain expert to a newbie is considered humiliating and violating.

  Isn't this a little bit disingenuous? Do you really think the author of OP's blog post is upset simply because a Linux kernel maintainer has far more domain expertise than him and is in principle capable of writing a "better" patch?

  That would be pretty irrational, I agree!

  By zassy 2023-09-283:361 reply

  The real disingenuous part is where OP lied about the maintainer saying his patch was better.

  It would be pretty bad if he said that, but he never did.

  By caconym_ 2023-09-295:33

  I agree that Miculas (the submitter of the original patch) should not have chosen formatting typically associated with direct quotations, but now you're the one putting words in his mouth: he didn't say Ellerman said his (Ellerman's) version was better, he (Miculas) said Ellerman said he liked his (Ellerman's) version better.

  Ellerman's actual words were "I wanted to fix it differently", so while I don't think Miculas' paraphrasing was entirely appropriate (why paraphrase at all?), I also don't think it was a misrepresentation of what Ellerman actually said.

  By jacquesm 2023-09-2718:14

  Besides the fact that he didn't actually say that at all.

  By kazinator 2023-09-2718:10

  Because it could be seen as communicating: "my ten minutes of coding around the array access problem is more perfect than your hours of investigation to root cause the issue plus your ten minutes of coding".

  By fsdjkflsjfsoij 2023-09-2716:371 reply

  > feel violated and humiliated

  A lot of contributors are going to feel like this if their patch doesn't get accepted immediately and the maintainer in this case was extremely respectful even though the offered patch had multiple major issues. Contributors shouldn't feel entitled to free tutoring.

  By caconym_ 2023-09-2716:521 reply

  > multiple major issues

  Seems debatable and debated, reading through the rest of this thread.

  Regardless, I'll reiterate my point more straightforwardly: it's the maintainers' prerogative to treat aspiring contributors however they like, but actions have consequences, and some of those consequences may be deleterious to a project's health.

  By fsdjkflsjfsoij 2023-09-2717:032 reply

  > Seems debatable and debated, reading through the rest of this thread.

  Most of the people commenting in this thread haven't looked at the code and anyone saying the two patches are equivalent can be safely ignored. Out of the issues kazinator pointed out, 1 and 2 are definitely major issues and 3 is debatable although it is definitely suboptimal.

  > some of those consequences may be deleterious to a project's health

  Of course, but I think it might not be in the way the "everyone can be a valued contributor" crowd thinks.

  By ariel-miculas 2023-09-2817:37

  See https://news.ycombinator.com/item?id=37692883

  By caconym_ 2023-09-2717:131 reply

  > the "everyone can be a valued contributor" crowd

  Of course! Who will keep the hordes of dimwits and dilettantes and LinkedIn jockeys at bay, if not those whose merit has already been proven?

  By fsdjkflsjfsoij 2023-09-2717:211 reply

  > Who will keep the hordes of dimwits and dilettantes and LinkedIn jockeys at bay

  This is unironically a very serious problem and why most of the best open source projects are basically corporate FAANG projects that are really only open source for optics.

  By caconym_ 2023-09-2717:22

  On its face, you won't catch me arguing with that. It's a hard problem, for sure.

  By xw3099 2023-09-2717:261 reply

  > Maybe that's by design, but it doesn't feel sustainable in the long term.

  That could be, but on the other hand, the Linux kernel is more than 30 years old and is on its 6th version...

  One might also consider the rarity of maintainers who can write high quality code and donate large amounts of time. To find and retain someone like that one might also be required to allow them to be curt with random people on the internet from time to time. I can see how drive by contributions could get old fast from their point of view.

  By caconym_ 2023-09-2717:401 reply

  > That could be, but on the other hand, the Linux kernel is more than 30 years old and is on its 6th version...

  Indeed, and while we're speaking in broad generalities, surely no strategy that worked to launch a project from tiny seed to maturity and market saturation has ever then failed to keep it relevant in the long term...

  > I can see how drive by contributions could get old fast from their point of view.

  Indeed. But (again addressing generalities) my issue here is that the contribution in question doesn't read as "drive by" to me.

  By xw3099 2023-09-2717:551 reply

  > surely no strategy that worked to launch a project from tiny seed to maturity and market saturation has ever then failed to keep it relevant in the long term...

  If the rate of submissions falls then it certainly makes sense to adjust. Until then, don't fix what isn't broken.

  By caconym_ 2023-09-2718:42

  Frankly, if you treat effortful but green contributors the same way you treat grindset morons and LinkedIn jockeys, I would put money on the submission rate from the latter continuing to increase long after most of the former have decided your project isn't worth their time.

  This is a bit of a moot point, though, since I don't think it's very common for Linux kernel maintainers to behave this way. Correct me if I'm wrong.

  By that_guy_iain 2023-09-2716:551 reply

  > This seems like a very cynical view of what happened here, and completely unfounded.

  It is not unfounded at all. The author clearly stated the reason they wanted their commit to be accepted was should they could be contributor.

  By caconym_ 2023-09-2716:581 reply

  Do you think there is any reason somebody might want to be credited for work they did other than having the ability to put it on their resume?

  By that_guy_iain 2023-09-2717:121 reply

  He had the credit amongst those who were paying attention. It wasn't like this was done in secret. Others chimed in to agree that the maintainers commit was better. So the only credit he didn't get was a commit credit which is important to be a "Linux Contributor" which clearly explictly wrote was the reason they asked for their commit to be used or to work on another patch.

  I think it would be odd to disbelieve the author.

  By caconym_ 2023-09-2717:131 reply

  [flagged]

  By that_guy_iain 2023-09-2717:152 reply

  [flagged]

  By mardifoufs 2023-09-2717:551 reply

  Where did they declare that they want this for their CV?

  By that_guy_iain 2023-09-2719:121 reply

  At least your attempt at continuing the strawman is better. But still, come on. You know better than this.

  By mardifoufs 2023-09-2719:301 reply

  What are you even talking about? This is my first reply on this thread, but keep projecting?

  By that_guy_iain 2023-09-2719:55

  Ok. Here is a lesson on forums. The comment thread you replied to is full of a guy trying to use a strawman argument. Except he stuck with the same one. You came along with a new strawman argument. So because you replied to a series of strawman arguments with a new attempt at a strawman arguments I wrote my comment in context of where it is in the thread of replies. So I congratulated you on being different. However, I then went on to shame you for using a strawman argument in the first place.

  The lesson here, is always remember context. The point at which you start your input is surrounded with the context of before it. So if you were closer to the start the context of the previous strawman attempts wouldn't have been in play.

  By caconym_ 2023-09-2717:171 reply

  You need to work on your reading comprehension. This will be my last reply to you.

  By dang 2023-09-295:241 reply

  Personal attacks will get you banned here, regardless of how wrong someone else is or you feel they are. Please don't post like this to HN.

  If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.

  By caconym_ 2023-09-2917:332 reply

  This was not a personal attack, it was a statement of fact. The user in question was obviously either engaging in bad faith or could not be bothered to read back for ~15 seconds to understand the context of my post. When I pointed this out to them, they doubled down. They were not just wrong, in my personal opinion or objectively in whatever sense---they wasted my time and insulted me.

  Speaking of pointing the above out, why is this comment flagged? Is this considered a personal attack too? https://news.ycombinator.com/item?id=37677835

  ---

  You can see from my other comments in this thread that I prefer to engage respectfully with other commenters, even ones I disagree with, and I believe my total commenting history going back to 2016 will reflect that I do in fact take the intended spirit of the site to heart. But if speaking forthrightly to a bad faith and/or willfully ignorant interlocutor like this user drags me down to their level in your view, you ought to ban me right now. Thanks.

  By dang 2023-09-2919:351 reply

  Statements of fact can be personal attacks. Here's an example I've mentioned a few times: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que....

  If you find yourself inspecting someone else's comments or behavior for how much bad faith you perceive, or what they couldn't be bothered to do, or anything of the "who said what" variety, you've already fallen off the path of curiosity* and this is a clear sign that you should refrain from posting. That's not a criticism—it happens to all of us and it takes work and practice to avoid it. But it's work we all have to do as a community, if HN is to last for its intended purpose. (Btw that's also the answer to why 37677835 was flagged - it wasn't a personal attack but it was a step off the garden path and into the weeds.)

  When a commenter uses phrases like "bad faith" or "willfully ignorant" or "down to their level' about another commenter, it's usually a sign that they're too activated by a conversation to really practice the principle "Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith." (https://news.ycombinator.com/newsguidelines.html) In such a case it is better to refrain from posting until you no longer feel that way. Why? because you (I don't mean you personally, but all of us) are not functioning in the range of curiosity when you feel that way—it's impossible; and second, if you reply with what feels to you like "speaking forthrightly" in that moment, you're likely to post things that land with the other commenter, and also the general reader, as attacks, not to mention get replied to by moderators asking you not to post that way.

  * https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...

  By caconym_ 2023-10-0120:291 reply

  A statement becomes a personal attack when it's intended as an attack, not simply because it's hurtful to the recipient. For instance, (addressing the pg example you mentioned elsewhere) it's not generally a personal attack when an old and/or sick person's doctor says they have a few months left at best, though hearing it will probably upset them. It's likely (though absolutely not certain!) that one middle schooler pointing out another's acne intends for it to be hurtful, but I don't think you could reasonably blame a very small child for pointing out the same—though it would certainly be a teachable moment.

  Semantics aside, I understand from experience how difficult it is to moderate situations like this, but as a user-privileged participant in any discussion I reserve the right to defend myself (e.g.) when somebody rolls out some half-baked strawman and then accuses me of going off topic. In this case I find it particularly ironic that in a thread full of completely baseless character attacks against Miculas, the author of the linked article (e.g. he just wants credit so he can put it on his resume), I'm the one who gets threatened with a ban for questioning that narrative and not then meekly rolling over for the ensuing tide of bullshit. If you want to see a real, unequivocal, totally one-sided personal attack, you need look no further than the original comment I replied to^[1], and you can't throw a stone from there without hitting another one. I note that those comments remain largely unflagged, which is not a surprise given how acutely vulnerable users of platforms like HN are to the bandwagon effect and similar biases.

  My behavior in this regard is not going to change, but my experience in this thread is certainly raising some questions.

  ^[1] https://news.ycombinator.com/item?id=37676623

  By dang 2023-10-0121:08

  If you don't like the phrase "personal attack", I can put it this way instead: please don't post pejoratives using personal language.

  In the context of moderating an internet forum, we have to go by effects, not intent: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que..., for a number of reasons: (1) intent isn't observable or predictable; (2) effects are both observable and predictable; and (3) it's effects which ruin threads.

  Everyone always feels like they're the one being singled out and treated unfairly—this isn't a reliable feeling, it's a universal bias. If other comments broke the site guidelines as badly as you did, and the mods didn't say anything, that's because we didn't see them, not because we're against you.

  https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...

  https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

  By that_guy_iain 2023-10-059:27

  > You need to work on your reading comprehension.

  To which you state

  > This was not a personal attack, it was a statement of fact.

  It's a matter of opinion, not fact.

  By a_t48 2023-09-2716:241 reply

  On the other hand, to dig yourself out of the hole of “I’m too busy and there’s nobody around to help”, you have to slow down and do this, sometimes.

  By bhouston 2023-09-2717:13

  > to dig yourself out of the hole of “I’m too busy and there’s nobody around to help”, you have to slow down and do this

  Exactly! If you treat new contributors as crap because you are overworked, you will push away potential long-term collaborators who could share the load thus ensuring you will be working alone far into the future. This is a failure state and if I had a manager doing that to those he was managing, he wouldn't be a manager for long.

  By ChildOfEru 2023-09-2716:20

  Who knows how long this would have been unaddressed without Ariel Miculas initial input.

  Part of the job of a maintainer is to curate and foster input so the project has a robust community in the future.

  The maintainer in this case did a miserable job of that.

  By arp242 2023-09-2719:072 reply

  What usually happens is that someone sends a patch with a text description of the problem, but no test case. So what I do in those cases is just quickly look at the patch and create a test case first, on the current stable version, to reproduce the bug. This is both so that a test case exists, but also so that I have a deeper understanding of the problem.

  When that is done, often the fix is simple, and the author's patch sometimes just ... isn't that great, often for entirely understandable reasons, so it's easier to just fix it myself "from scratch".

  So whose patch is it then? In some cases the patch was useful and I'm "inspired" by it, in other cases I'm not. I tend to err on the side of caution, but I've definitely merged my share of patches where the Author field was, IMHO, kind of a lie.

  As for code review: it's really time-consuming. And while a few "minor bug fixers" of today become "hard-core contributors" or tomorrow, realistically, most people show up to fix one bug and are never seen again. That's perfectly fine! But it does mean that "teaching" everyone who shows up quickly become an enormous time sink. There's a bit of a trade-off to be made here.

  By kazinator 2023-09-281:54

  "This change is closely based on a well-considered patch from A. U. Thor <author@example.com>, who also originated the bug report."

  A. U. Thor can point to that 10 years later and say he or she fixed that; nobody cares if the maintainer changed a few things.

  By jacquesm 2023-09-2715:362 reply

  Not on a security related list though. That's entirely the wrong expectation.

  By Arnavion 2023-09-2716:091 reply

  linuxppc-dev is not a security list.

  By jacquesm 2023-09-2716:382 reply

  It was cc-'d to the security list.

  By Arnavion 2023-09-2718:521 reply

  On the first patch that Miculas submitted with their gmail address that was not looked at by any of the parties involved in the rest of the story. The subsequent mails to linuxppc-dev where Leroy and Ellerman were involved were not cross-posted AFAICT.

  By jacquesm 2023-09-286:52

  Yes, that's correct. But the OP didn't have to CC the security mailing list in the first place and that changed the dynamic considerably.

  Note that the degree to which this has blown up is disproportional and that besides the fact that Michael Ellerman could have handled this more gracefully the OP did not seek to resolve this out of band, misrepresented the interaction and ignored an olive branch that would have given him exactly what he wanted.

  The bit where I am in strict disagreement with how Michael Ellerman handled this is actually the reverse of what happened: if the original patch wasn't properly signed off on and the OP was responsive they actually put themselves at risk by re-using the code without proper attribution. This - and that's speculative - probably was because the code identified the essence of the fix but introduced a couple of new problems and because it was so small he may have felt that fixing it and adding a 'Reported-by' tag plus the LKML archive would be sufficient cover for that. But from a strict reading of the LKML guidelines that was the wrong thing to do.

  And the LKML guidelines themselves should be made clearer with respect to how the various levels of contribution are dealt with because that seems to matter a lot to some people and they need to spell out more clearly that submitting a patch may result in your code ending up in the kernel with LKML as the only visible proof that this is the case. Because the OP may not realize it but that is the essential part: that their submission to LKML ended with a bug in the Linux kernel fixed and there is ample proof to document that and I'm pretty sure that nobody would claim otherwise.

  By varispeed 2023-09-2715:48

  Security through obscurity? Oh...

  By ww520 2023-09-2717:371 reply

  Debugging is hard, sometimes very hard. Writing a fix on a familiar code base is comparatively trivial, especially having a working version of the prior fix as the guide. Writing the second version is always easier.

  Saying that it’s a simple fix shows one doesn’t understanding the amount of work go into bug fixings in software development.

  In this case Michael even acknowledged that he could not reproduce it initially but only later had it nailed down. This speaks volume about the amount of work OP put into debugging and fixing the problem. Robbing him of his work is just not right.

  By kazinator 2023-09-2817:35

  If you've been chasing a bug for a while and finally have a fix, you may have code blindness to ever-important issues not related to the fix. The testing you're doing is whether or not that problem went away. This is true even if you're familiar with the code base.

  That's why we have pair programming and code reviews.

  That same developer who spotted your code blindness today will exhibit that themself tomorrow.

  The person not involved in the feature or fix is completely free to think about nothing else but "in what ways is this change wrong"?

  By Arnavion 2023-09-2716:053 reply

  >Sorry, just because you found this trivially fixable array mismatch doesn't mean your buggy patch has to be accepted the way it is.

  I know reading is hard, but it's not an excuse to put words in other people's mouths.

  >>I told him that I would really appreciate if he could accept a patch from me, so that I could receive credit for fixing this issue and become a kernel contributor. I was also open to working with him, addressing his feedback and sending subsequent versions of patches.

  By fsdjkflsjfsoij 2023-09-2716:222 reply

  So the maintainer now has to tutor this guy for god knows how long until he gets it right? All three issues brought up by kazinator are reasonable grounds for ignoring the patch. Do you think that the already overworked maintainers should have to spend significant amounts of their time tutoring every potential contributor? Are you going to pay them for that?

  By kazinator 2023-09-2717:59

  Miculas is not dumb; he's obviously a self-starter who pulled the investigation together through gdb, and the kernel interface, plus surrounding research into the history of the problem. He got excited to close the array access problem and lost sight of the necessity to fix only that and not change anything else, like the bounds check on the index. All it needed was a nudge to put his attention to that detail.

  By SeenNotHeard 2023-09-2716:56

  It doesn't sound like you've ever maintained an active free software project.

  It's not "tutoring" to perform a code review and request additional changes to the patch. That's a standard feedback mechanism in free software development.

  kazinator's analysis may be right, but it doesn't sound like it would have taken the maintainer more than a few minutes to explain his objections and given the contributor a chance to shore up his patch.

  There's plenty of examples in the history of the kernel project of much larger patches going round and round until they land. From kazinator's description, it's possible the patch could have been made ready in a single review round.

  > All three issues brought up by kazinator are reasonable grounds for ignoring the patch.

  The patch (and bug report) wasn't ignored. That's kind of the point.

  By nolist_policy 2023-09-2716:241 reply

  He could just have asked as a review of the the maintainers patch[1], e.g. work with the maintaner to fix it.

  [1] https://lore.kernel.org/all/20220609133245.573565-1-mpe@elle...

  By hnfong 2023-09-2716:57

  I honestly don't know how two people could "work together to fix it" for an apparently straightforward patch where less than 20 lines are changed...

  By Chris2048 2023-09-2717:06

  > I told him that..

  Is this true though?

  By EB66 2023-09-2717:29

  > Sorry, just because you found this trivially fixable array mismatch doesn't mean your buggy patch has to be accepted the way it is.

  That's not really what anyone is suggesting should have happened. The maintainer should've just taken the two minutes of extra time required to checkout the OP's code, make whatever changes the maintainer wanted and commit it with co-authorship.

  That clearly would've been the best course of action for the maintainer to follow (especially given that the OP expressed his desire to the recognized for his contribution) -- the best fix gets merged in and the work of others is acknowledged/respected. That said, I'm not surprised it didn't happen -- social niceties often seem to escape the maintainers of these sorts of repos...

  By xtracto 2023-09-286:43

  I've written countless of patches / PRs for diverse OSS . Most of the times was to scratch an itch.

  Most of the time as well the PR doesn't get accepted because of various reasons. I don't care. I do the PRs so that the code is out there. No I wont spent time making it "good enough " to merge into your repo. I provide it as is, and I'd someone likes it enough they can do the red tape.

  Some of it has been just accepted and merged. Some was slightly modified by the repo owner before merging. Good for them.

  I dont do open source code for the glory or to be popular, I do it because I like it .

  Aaah I miss the 80s and 90s.

  By ariel-miculas 2023-09-2817:311 reply

  1. As I said in the original thread:

    There is already a check at the beginning of the function:
    if (index > PT_FPSCR)
       return -EIO;
  

  2. fpscr will actually be written to by this line of code:

    +       ((unsigned int \*)child->thread.fp_state.fpr)
    +               [FPRINDEX(index)] = data;
  

  3. This is a nitpick.

  So please tell me how my patch was buggy.

  By kazinator 2023-09-2916:20

  1. The index > PT_FPSCR test isn't good enough:

    int ptrace_get_fpr(struct task_struct *child, int index, unsigned long *data)
    {
            unsigned int fpidx = index - PT_FPR0;
  
            if (index > PT_FPSCR)
                    return -EIO;
  
            flush_fp_to_thread(child);
            if (fpidx < (PT_FPSCR - PT_FPR0))
                    memcpy(data, &child->thread.TS_FPR(fpidx), sizeof(long));
            else
                    *data = child->thread.fp_state.fpscr;
  
            return 0;
    }
  

  It is testing the original signed value of type int, which could be negative, and therefore convert to a huge unsigned int value manifested in fpidx.

  (Also, the function risks integer subtraction underflow in "index - PT_FPR0". If we pass in the value INT_MIN, subtracting a positive value from it is undefined behavior.)

  It looks like the original author knew that the -EIO test is too weak, so the converted unsigned value is tested again.

  Regarding 2, accessing fpscr using fpr[32] is undefined behavior (out of bounds array access), which is probably why the original code is refraining from that, but testing for that value and separately accessing the member.

  However is also this bit of uncertainty (I have not fully drilled into). On 32 bit PPC, that PT_FPSCR is defined with an extra offset of 1:

     #define PT_FPSCR (PT_FPR0 + 2*32 + 1)                                                               
  

  I suspect that this is due to PPC being big endian; the + 1 displaces the index to the lower half of a 64 bit word. This also tells me that this fpscr register must be 32 bits on PPC32?

  Thus, even with the range check in place, out-of-bounds access past the array is possible if user space requests the [64] index since the range check is testing for below 65. The [64] index isn't fpscr, but the upper half of u64 fpscr.

  There is also the aspect that when we assign to fpscr, the whole 64 bit value is assigned, not just half of it.

  By epinephrinios 2023-09-3015:42

  The correct thing to do is to leave these comments as a code review and let the contributor fix it. No one argued in favor of accepting a buggy patch.

  By fennecfoxy 2023-09-2917:48

  Lmao, even GH does something where it's: "by ORIGINAL_AUTHOR, co-authored by MAINTAINER". Ah but the kernel is a special secret club indeed.

• By inglor 2023-09-279:093 reply

  The linux kernel isn't a reward and while I empathize with the OP I would absolutely prefer a better solution to maintain than one from the community. So the maintainer was well within their rights.

  That said, it's so easy to just give people who contributed to the fix attribution, in Node.js we make a point of trying to give credit in release notes and add `Co-Authored-By:` to PRs where we took _some_ work people did in PRs and adapted it.

  When you maintain something for a while, credit often stops being important to you (you _are_ the maintainer of the area after all) so it's hard to remember that for new contributors it's often very important.

  Totally a loss for OP and that part of linux that the maintainer wasn't more attentive to the fact sharing credit (especially when deserved like in this case) was important to OP.

  By reacharavindh 2023-09-279:184 reply

  I'd be pissed if I put in a lot of effort revising my contributions to a project, only to be told at the end that "I like my version better, so go away!". This is not how a project reliant on community efforts could sustain itself.

  I always thought a project as big and respected as that of the linux-kernel would have folks who know better, and look out for the best interests of teh project while respecting new-comers. After all they were new when they started contributing?

  I dont think anybody in their right mind would advocate for a "not best" solution to be accepted just because a new-comer brought it. The right thing to do would have been - "Here, I have reviewed your patch. This and This are troubling because of this reason. I'd recommend re-writing this like that. Tell me if you need assistance with this, and I can help write that part" and co-author such a patch. That's how you get a good pipeline of future contributors who also care.

  By shakow 2023-09-279:322 reply

  > I'd be pissed if I put in a lot of effort revising my contributions to a project, only to be told at the end that "I like my version better, so go away!"

  Frankly, I think that's a non-trivial problem to solve: how to get the assumedly better fix while not ruffling the feathers of the more junior contributor so not to discourage on-ramping.

  I guess the best way to do it would be to have a co-authored-by tag, or something akin.

  By ghosty141 2023-09-279:353 reply

  I see multiple people saying the authors fix was in a way inferior. Where is this mentioned?

  By shakow 2023-09-2711:551 reply

  We can't really know as we can't see the author's patch, but given that (i) the guy answering is responsible for the whole CPU architecture in Linux and (ii) the author mourns his putative contributor badge but does not criticize the other patch, that's a bet I'm ready to take.

  By hnfong 2023-09-2716:16

  FYI

  https://lists.ozlabs.org/pipermail/linuxppc-dev/2022-June/24...

  https://lore.kernel.org/all/20220609133245.573565-1-mpe@elle...

  By toyg 2023-09-279:491 reply

  It was stated by the maintainer as the reason for discarding the author's contribution.

  By Sprocklem 2023-09-2718:37

  What the maintainer actually said was [0]:

  > Thanks for your patch, but I wanted to fix it differently. Can you try the patch below and make sure it fixes the bug for you?

  Which to me, at least, reads very differently than claiming the author's patch is worse.

  [0] https://lists.ozlabs.org/pipermail/linuxppc-dev/2022-June/24...

  (Credit to nolist_policy for pointing this out upthread.)

  By cortesoft 2023-09-2715:541 reply

  Obviously the author is not going to say their fix was worse, but commenters on here have described why: https://news.ycombinator.com/item?id=37675544

  By ariel-miculas 2023-09-2818:00

  see https://news.ycombinator.com/item?id=37692883

  By hmottestad 2023-09-279:43

  A pull request and some comments to help the author understand what needs to be adjusted is a common way to handle this with the projects that I work with.

  By turtlebits 2023-09-2716:071 reply

  Why? Theres no expectation for you to put in a lot of effort, and if in the hands of a domain expert, could have taken minimal effort. I'm sure everyone has had PRs that could have been resolved in minutes if the submitter had reached out first.

  Complaining about it reeks of a junior developer mentality.

  By jpc0 2023-09-2717:38

  You miss the part where this was a bug that was reported 6 years prior?

  By Too 2023-09-2714:381 reply

  On the other hand this can lead to getting stuck in a never ending code-review ping-pong game.

  Having seen both sides of that table many times, you can see the value in someone who just gets the shit done. Especially since this was security related and may have had some urgency to get merged before a release. Imagining how much work these guys must have accepting patches you can sympathize with taking some shortcuts.

  By Arnavion 2023-09-2714:40

  Nobody's saying the maintainer should have to do a never-ending code review ping pong game.

  The maintainer is free to come up with their version and expedite committing it. The point is that if their patch is based on the original author's patch (which in this case it is; they just shuffled a few lines around), then the original author should've been credited as Author or Co-Authored-By.

  By nitwit005 2023-09-2716:481 reply

  > I'd be pissed if I put in a lot of effort revising my contributions to a project, only to be told at the end that "I like my version better, so go away!".

  Then you shouldn't contribute to someone else's project.

  By reacharavindh 2023-09-286:581 reply

  It is not “their” project now is it?! This attitude never gets anywhere productive. It only encourages gatekeepers.

  I didn’t say I’d be pissed if my contributions are turned away. Every project sure is entitled to say - we don’t need your contributions. But that’s not what happened here. They received this blog author’s contributions, suggested revisions - which they seem to have made and spent time on, and then to only flush them out at the end.

  By your logic, if you don’t want someone contributing to your project, just ignore the contribution or say that you don’t want them - do not take it without due credit.

  By nitwit005 2023-09-2817:12

  It is their project. They are gatekeepers. They don't have any real obligations regarding your contributions, baring a legal issue.

  You can, of course, fork the project, or do whatever you want with the code.

  By FartyMcFarter 2023-09-2715:37

  > The linux kernel isn't a reward

  It certainly seems that you're correct judging by the article, in the worst possible way.

  By secondcoming 2023-09-279:154 reply

  It seems he did get credit in the ‘Reported-By’ tag.

  By rootlocus 2023-09-279:163 reply

  That doesn't give credit for 5 days of debugging. It gives credit for raising the issue, which was already done, six years prior.

  By hmottestad 2023-09-279:462 reply

  Best way to get help with an issue is to post the wrong solution. I remember hearing that somewhere.

  By PinkRidingHood 2023-09-2717:29

  You could've demonstrated it by calling it the wrong name

  By fragmede 2023-09-2710:31

  Cunningham's Law.

  By layer8 2023-09-2713:231 reply

  The issue reported was arguably the lower-level one uncovered by the debugging. So I’d say they reported the result of their debugging.

  By FireBeyond 2023-09-2715:471 reply

  ... and their fix.

  ... and their results of forward regression testing.

  There's a lot of people expending time here trying to absolutely minimize the OP's effort and contribution. Ignoring that the maintainer literally moved one line of code (of about forty additions) and "contributed" it with himself as the author.

  I'd say the maintainer plagiarized OP's code.

  By autoexec 2023-09-2721:40

  > There's a lot of people expending time here trying to absolutely minimize the OP's effort and contribution.

  I don't really understand that either. Someone found a problem, researched it, found and tested a solution, voluntarily offered a patch, and everyone wants to pretend that it was nothing? "It was only x lines", "it was a simple/trivial patch to an obscure project", "It wasn't done in the exact way they wanted it". What is wrong with some people! It was a bug that was reported years ago but nobody took the time to fix it. This guy put in the work and delivered, which in the end is what matters.

  By pgeorgi 2023-09-279:19

  Since text in commit messages is free, a more accurate tag hurts noone but keeps the spirits up and encourages future work: Based-on-work-by, Investigated-by, ...

  Reported-by is more of a participation medal because it can mean anything including "yo dawg, kernel crashes when I look at it wrong"

  By mcv 2023-09-279:171 reply

  But that's only credit for finding the bug, not fixing it. He put quite a lot of work into fixing the bug, and that credit got stolen by someone who merely rewrote his fix.

  By phendrenad2 2023-09-2714:47

  That doesn't cover the scope of his contribution