lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 12 Oct 2020 11:29:35 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Arnd Bergmann <arnd@...db.de>,
        syzkaller <syzkaller@...glegroups.com>
Cc:     rgerganov@...are.com,
        syzbot <syzbot+f58fe4bb535845237057@...kaller.appspotmail.com>,
        gregkh <gregkh@...uxfoundation.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: general protection fault in qp_release_pages

On Mon, Oct 12, 2020 at 11:16 AM Arnd Bergmann <arnd@...db.de> wrote:
>
> On Mon, Oct 12, 2020 at 10:14 AM Dmitry Vyukov <dvyukov@...gle.com> wrote:
> > On Mon, Oct 12, 2020 at 10:01 AM Arnd Bergmann <arnd@...db.de> wrote:
> > > On Mon, Oct 12, 2020 at 8:11 AM syzbot
> > >
> > > Adding everyone from the git history that did meaningful changes in the past
> > > for this driver, as there is no specific maintainer file entry for
> > > them to further
> > > investigate.
> >
> > Hi Arnd,
> >
> > There is already a recorded fix for this on the dashboard:
>
> Ok, good.
>
> > https://syzkaller.appspot.com/bug?extid=f58fe4bb535845237057
> > VMCI: check return value of get_user_pages_fast() for errors
>
> Ah, I actually looked at linux-next, which included the fix. I had
> never before looked at the dashboard, good to know where to find
> this information.
>
> If this is something that happened to others as well, could the
> email report be changed to point out bugs that are already
> fixed in linux-next but not in mainline?

When syzbot mails a report, it does not know about any fixes by definition.

There is a pending feature request to notify when a fix becomes known:
https://github.com/google/syzkaller/issues/1574

However:
1. This will double the number of emails from syzbot, not sure if it
will be welcome.
2. This probably only makes sense for fixes that are auto-discovered
in git trees. While this one came from a user email, it was just not
sent to the same thread/recipients (the common problem of replying to
emails you did not receive). So it would not help in this case.
3. There is lots of other dynamic info on the dashboard (more crashes,
where it happens, how frequently, when started/stopped). It's not
feasible to send an email for every update (there can be 100K
crashes), so the dashboard needed to be looked at in some cases
anyway.

Do you see any potential improvements in this context?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ