Date:   Sun, 10 Jun 2018 21:22:50 -0400
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     Dmitry Vyukov <dvyukov@...gle.com>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Guenter Roeck <groeck@...gle.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        syzkaller <syzkaller@...glegroups.com>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        David Miller <davem@...emloft.net>,
        Wu Fengguang <fengguang.wu@...el.com>
Subject: Re: what trees/branches to test on syzbot

On Sun, Jun 10, 2018 at 08:11:05AM +0200, Dmitry Vyukov wrote:
> 
> The set of trees where a crash happened is visible on dashboard, so
> one can see if it's only linux-next or whole set of trees. Potentially
> syzbot can act differently depending on this predicate, but I don't
> see what should be the difference.  However, this does not fully save
> from falsely assessing bugs as linux-next-only just because they
> happened few times and only on linux-next so far.

So how about this, only report something as being a linux-next
regression if (a) there is a reproducer, and (b) the reproducer does
not trigger any kind of crash on mainline?

> There is also a problem with rebasing of linux-next: reported commit
> hashes do not make sense and we can forget about bisection.

If there is a valid reproducer, bisection should simply be a matter of
running and if we know the reproducer doesn't trigger on mainline,
then the bisection should only require no more than 8-10 VM runs.  For
Linux-next, this would be *super* valuable.  Reporting the commit ID
and the one-line commit summary will be enough for most maintainers,
since even if they are using a rewinding head, so long as the
bisection can be done quickly enough (e.g., within a few days), it
will still be in their git repository.

And if you have a reproducer, then once it's identified as a
linux-next reproducer with a guilty commit, that can be confirmed by
either (a) seeing if you can revert the commit and if it makes the
problem go away, or (b) figure out which subsystem git tree the commit
was introduced via, and then verify that the reproducer triggers on
the tip of the subsystem git tree.

All of this will require development effort, so I suspect it's not
something we'll see from syzbot tomorrow --- but it's not
*impossible*.

I think though that sending e-mail about a linux-next syzbot crash if
there is a reproducer and the reproducer doesn't trigger a crash on
mainline should be really simple to implement, and it would add huge
value without spamming the subsystem maintainers.

					- Ted
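
The reporting rule and the bisection cost described in this message, sketched in Python as an added example (not part of the original message and not syzbot code). The function names, the 600-commit range and the guilty commit are constructed assumptions.

```python
# Added illustration; not syzbot code. Names and data are constructed.

def should_report(has_reproducer, crashes_on):
    """Rule from the message: report a linux-next regression only if
    (a) a reproducer exists and (b) it does not crash mainline.
    crashes_on(tree) stands in for one VM run of the reproducer."""
    if not has_reproducer:
        return False
    if crashes_on("mainline"):
        return False  # not linux-next-only
    return crashes_on("linux-next")

def bisect(commits, crashes_at):
    """Return (first crashing commit, number of VM runs).
    commits: oldest-to-newest commits on top of the known-good mainline
    base; the last one (linux-next tip) is known to crash."""
    lo, hi, runs = 0, len(commits) - 1, 0  # first bad commit is in [lo, hi]
    while lo < hi:
        mid = (lo + hi) // 2
        runs += 1  # one VM boot plus one reproducer run
        if crashes_at(commits[mid]):
            hi = mid
        else:
            lo = mid + 1
    return commits[lo], runs

def confirmed_by_revert(commits, guilty, crashes_with):
    """Check (a) from the message: the tip minus the guilty commit
    must no longer crash."""
    return not crashes_with([c for c in commits if c != guilty])

# Constructed sample: 600 commits between mainline and the linux-next tip.
COMMITS = [f"c{i:04d}" for i in range(600)]
GUILTY = "c0417"

def crashes_at(commit):        # tree checked out at `commit`
    return commit >= GUILTY    # zero-padded names sort in commit order

def crashes_with(commit_set):  # tree built from an explicit commit set
    return GUILTY in commit_set

def crashes_on(tree):          # reproducer result per tree
    return tree == "linux-next"

if __name__ == "__main__":
    if should_report(True, crashes_on):
        commit, runs = bisect(COMMITS, crashes_at)
        print(commit, runs, confirmed_by_revert(COMMITS, commit, crashes_with))
```

With this constructed range the bisection finishes in 9 VM runs, inside the 8-10 range the message estimates.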
