Message-ID: <20180117232631.gniczgvil5lsml6p@gmail.com>
Date:   Wed, 17 Jan 2018 15:26:31 -0800
From:   Eric Biggers <ebiggers3@...il.com>
To:     Pavel Machek <pavel@....cz>
Cc:     Dmitry Vyukov <dvyukov@...gle.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Mike Rapoport <rppt@...ux.vnet.ibm.com>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-fsdevel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>,
        Linux-MM <linux-mm@...ck.org>, syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH 0/1] Re: kernel BUG at fs/userfaultfd.c:LINE!

On Wed, Jan 17, 2018 at 09:56:29AM +0100, Pavel Machek wrote:
> Hi!
> 
> > > Andrea Arcangeli (1):
> > >   userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK
> > >     fails
> > >
> > >  fs/userfaultfd.c | 20 ++++++++++++++++++--
> > >  1 file changed, 18 insertions(+), 2 deletions(-)
> > 
> > The original report footer was stripped, so:
> > 
> > Please credit me with: Reported-by: syzbot <syzkaller@...glegroups.com>
> 
> Please don't. We don't credit our CPUs, and we don't credit Qemu. We
> credit humans.
> 

The difference is that unlike your CPU or QEMU, syzbot is a program specifically
written to find and report Linux kernel bugs.  And although Dmitry Vyukov has
done most of the work, syzkaller and syzbot have had many contributors, and you
are welcome to contribute too: https://github.com/google/syzkaller

> > and we also need to tell syzbot about the fix with:
> > 
> > #syz fix:
> > userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
> 
> Now you claimed you care about bugs being fixed. What about actually
> testing Andrea's fix and telling us if it fixes the problem or not,
> and maybe saying "thank you"?

Of course the syzbot team cares about bugs being fixed, why else would they
report them?

I too would like to see syzbot become smarter about handling bugs with
reproducers.  For example it could bisect to find the commit which introduced
the bug, and could automatically detect where the bug has/hasn't been fixed.  Of
course due to the nature of the kernel it's not possible with every bug, but for
some it is possible.

Nevertheless, at the end of the day, no matter how a bug is reported or who
reports it, it is primarily the responsibility of the person patching the bug to
test their patch.  I've never really understood why people try to patch
reproducible bugs without even testing their fix; it just doesn't make any
sense.  It's pretty easy to run the syzkaller-provided reproducers too.
Personally I've fixed 20+ syzkaller-reported bugs, and I always run the
reproducer if there is one.  In fact the reproducer is usually needed to even
figure out what to fix in the first place...

Yes, Andrea deserves thanks for fixing this bug!  But so do syzbot and its
authors for reporting this bug.  And personally I am not at all impressed by the
fact that userfaultfd has no maintainer listed in MAINTAINERS, nor did any of
the authors feel responsible enough to quickly patch a critical security bug in
code they wrote less than a year ago, even after I Cc'ed them with a simplified
reproducer and explanation of the problem.  Note that userfaultfd is usable by
unprivileged users and is enabled on most major Linux distros.  Does syzbot need
to start automatically requesting CVEs as well? :-)

(And yes, I wanted to fix this myself, as I've done with a lot of the other
syzbot-reported bugs, but unfortunately I wasn't familiar enough with the
userfaultfd code, and there are 200 other bugs to work on too...)

Eric
