Date:   Thu, 18 Jan 2018 09:24:44 +0100
From:   Pavel Machek <pavel@....cz>
To:     Eric Biggers <ebiggers3@...il.com>
Cc:     Dmitry Vyukov <dvyukov@...gle.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Mike Rapoport <rppt@...ux.vnet.ibm.com>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-fsdevel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>,
        Linux-MM <linux-mm@...ck.org>, syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH 0/1] Re: kernel BUG at fs/userfaultfd.c:LINE!

On Wed 2018-01-17 15:26:31, Eric Biggers wrote:
> On Wed, Jan 17, 2018 at 09:56:29AM +0100, Pavel Machek wrote:
> > Hi!
> > 
> > > > Andrea Arcangeli (1):
> > > >   userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK
> > > >     fails
> > > >
> > > >  fs/userfaultfd.c | 20 ++++++++++++++++++--
> > > >  1 file changed, 18 insertions(+), 2 deletions(-)
> > > 
> > > The original report footer was stripped, so:
> > > 
> > > Please credit me with: Reported-by: syzbot <syzkaller@...glegroups.com>
> > 
> > Please don't. We don't credit our CPUs, and we don't credit Qemu. We
> > credit humans.
> 
> The difference is that unlike your CPU or QEMU, syzbot is a program specifically
> written to find and report Linux kernel bugs.  And although Dmitry Vyukov has
> done most of the work, syzkaller and syzbot have had many contributors, and you
> are welcome to contribute too: https://github.com/google/syzkaller

No.

Someone is responsible for sending those reports to lkml, and that
someone is not a program, that is a human being.

And that someone should be in the From: address, and he gets the
credit when it goes right, and blame when it goes wrong. Pick that
person. He is responsible for reviewing mails the bot sends (perhaps
adding information that would normally be there but syzbot is not yet
able to add it automatically -- such as what tree it is to the
subject), and he should act on replies.

> > > and we also need to tell syzbot about the fix with:
> > > 
> > > #syz fix:
> > > userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
> > 
> > Now you claimed you care about bugs being fixed. What about actually
> > testing Andrea's fix and telling us if it fixes the problem or not,
> > and maybe saying "thank you"?
> 
> Of course the syzbot team cares about bugs being fixed, why else would they
> report them?

From the emails it looks like the bot is doing that for fame.

> Nevertheless, at the end of the day, no matter how a bug is reported or who
> reports it, it is primarily the responsibility of the person patching the bug to
> test their patch. 

Umm. Really? That's not how it historically worked. You report a bug,
you are expected to care enough to do the testing. You also say a
"thank you" to the person who fixes the bug. Just because.

And syzbot does not do any of that, and that's why a human should be in
the loop.

									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
