Date:   Thu, 21 Dec 2017 14:36:27 +0100
From:   Stephan Mueller <smueller@...onox.de>
To:     Andrey Ryabinin <ryabinin.a.a@...il.com>
Cc:     Dmitry Vyukov <dvyukov@...gle.com>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller <syzkaller@...glegroups.com>,
        Eric Dumazet <edumazet@...gle.com>,
        Eric Biggers <ebiggers3@...il.com>,
        Kostya Serebryany <kcc@...gle.com>,
        Alexander Potapenko <glider@...gle.com>,
        andreyknvl <andreyknvl@...gle.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
        David Miller <davem@...emloft.net>,
        Willem de Bruijn <willemb@...gle.com>,
        Guenter Roeck <groeck@...gle.com>
Subject: Re: [RFC] syzbot process

On Thursday, 21 December 2017, 14:22:40 CET, Andrey Ryabinin wrote:

Hi Andrey,

> 2017-12-21 15:52 GMT+03:00 Dmitry Vyukov <dvyukov@...gle.com>:
> > Any other proposals, thoughts, ideas?
> 
> a) Assume that patches sent in replies to the bug report are fixes.
> 
> b) Almost the same as your "syzbot-fix: HASH"  proposal, but slightly
> closer to normal kernel development workflow.
>      Add hash/bug id into the From field of email, i.e.
> 
>      instead of
>      From: syzbot <syzkaller@...glegroups.com>
> 
>      make it
>      From: syzbot-{hash} <syzkaller@...glegroups.com>
> 
>      And ask to include "Reported-by: syzbot-{hash}
> <syzkaller@...glegroups.com>" tag in a changelog.
> 
> a) doesn't exclude b) or "#syz: fix " emails, and vice versa

One additional suggestion: Rerun all already generated reproducer tests on, 
say, each updated kernel (e.g. newer rc or even full new version). If an issue 
is detected again, send a reply to the original message to indicate that the 
issue is still there. Note, I sometimes even fear that a patch that ought to 
fix the reported issue may not completely fix it considering races.

The problem with the current approach (at least to me) is that on mailing 
lists with some volume, such reports get easily buried.

Ciao
Stephan
