| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <s5hlg8ifw3v.wl-tiwai@suse.de>
Date: Mon, 03 Sep 2018 17:18:12 +0200
From: Takashi Iwai <tiwai@...e.de>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: syzbot <syzbot+194dffdb8b22fc5d207a@...kaller.appspotmail.com>,
alsa-devel-bounces@...a-project.org, alsa-devel@...a-project.org,
LKML <linux-kernel@...r.kernel.org>,
Jaroslav Kysela <perex@...ex.cz>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: KMSAN: uninit-value in snd_midi_event_encode_byte
On Mon, 03 Sep 2018 17:06:05 +0200,
Dmitry Vyukov wrote:
>
> On Mon, Sep 3, 2018 at 5:00 PM, Takashi Iwai <tiwai@...e.de> wrote:
> > On Mon, 03 Sep 2018 16:54:23 +0200,
> > Dmitry Vyukov wrote:
> >>
> >> https://github.com/google/syzkaller/blob/master/docs/syzbot.md#kmsan-bugs
> >> is meant to be a complement to the previous generic descriptions of
> >> patch testing process, which is:
> >> https://github.com/google/syzkaller/blob/master/docs/syzbot.md#testing-patches
> >>
> >> So, you always reply to the syzbot+HASH email address so that syzbot
> >> understands which bug we are talking about.
> >> Then you do either (omitting # so that syzbot won't consider that as
> >> actual test requests):
> >>
> >> syz test: git://repo/address.git branch
> >>
> >> or:
> >>
> >> syz test: git://repo/address.git commit-hash
> >>
> >> And then you can either attach a patch that needs to be applied on
> >> top, or not attach it (if it's already in the tree, or you just want
> >> to get another crash report).
> >
> > OK, so far, so good, it's what I knew and have done a few times.
> >
> >
> >> For KMSAN you need to issue test request against
> >> "https//github.com/google/kmsan.git master" (that's the only tree that
> >> has KMSAN tool in it) and you need to attach/inline the patch (because
> >> your patch is obviously not there yet).
> >>
> >> Does this make things more clear?
> >
> > Sorry, the part "issue test request against https..." still isn't
> > clear.
> >
> > Do you mean to open an issue entry on github, and attach the patch
> > there?
>
> By "issue test request" I mean sending email with "syz test" command.
> So overall you send "syz test https//github.com/google/kmsan.git
> master" and attach the patch.
> The workflow is all the same, and no github involved. It's just that
> you can't ask to test it against
> git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git because
> it does not have KMSAN tool and so no KMSAN bugs will be detected
> there.
Thanks, this finally made me understanding the whole picture!
> Since I did all of this, it's hard for me to write clear docs for others. Sorry.
> If you can suggest some improved wording, it would be great.
Well, how about like below?
KMSAN is not upstream yet, though, we want to upstream it later. For
now, it lives in github.com/google/kmsan and is based on a reasonably
fresh upstream tree. As the result, any patch testing requests for
KMSAN bugs need to go to KMSAN tree
(https://github.com/google/kmsan.git repo, master branch).
A standard way for triggering the test with KMSAN tree is to send an
email to syzbot+HASH address containing the following line:
#syz test: https://github.com/google/kmsan.git master
and attach/inline your test patch in the same mail.
Takashi
Powered by blists - more mailing lists