lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 14 Feb 2018 16:55:51 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Sowmini Varadhan <sowmini.varadhan@...cle.com>
Cc:     syzbot <syzbot+bbd8e9a06452cc48059b@...kaller.appspotmail.com>,
        David Miller <davem@...emloft.net>,
        LKML <linux-kernel@...r.kernel.org>, linux-rdma@...r.kernel.org,
        netdev <netdev@...r.kernel.org>, rds-devel@....oracle.com,
        Santosh Shilimkar <santosh.shilimkar@...cle.com>,
        syzkaller-bugs@...glegroups.com
Subject: Re: KASAN: use-after-free Read in rds_tcp_tune

On Wed, Feb 14, 2018 at 4:35 PM, Sowmini Varadhan
<sowmini.varadhan@...cle.com> wrote:
> On (02/14/18 16:28), Dmitry Vyukov wrote:
>> syzbot is probably not seeing this problem. However if you don't add
>> the Reported-by tag to commit, nor provide syz fix tag, it will
>> consider it as "open". One consequence of this is that it is still on
>> our radars. Another consequence is that syzbot will never report bugs
>> in rds_tcp_tune ever again as it thinks that it's the same known bug,
>> so no point in bothering anybody.
>
> understood, I think I saw this in the original syzbot mail as well,
> but I was hesitant to actually add the tag because the fix was
> based on code-inspection only, and I would have felt more comfortable
> about asserting the Reported-by if I'd done a clear-cut before/after
> verification.
>
> btw, checkpatch.pl complains about the syzbot*@...kaller.appspotmail.com
> addresses as "Unrecognized email address", we should fix that
> error from checkpatch at some point.

Interesting. Looking at checkpatch.pl I think it wants all addresses
to be in <>, i.e.
Reported-by: <syzbot+bbd8e9a06452cc48059b@...kaller.appspotmail.com>
There probably was some reason to enforce this, so I think I will
change the syzbot email template to include <>.
Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ