Message-ID: <CACT4Y+ZnTRf5BocMZZCkUva+VddOMXYGu13iWo6+3sopZzh5hQ@mail.gmail.com>
Date:   Mon, 8 May 2023 07:33:39 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     "Theodore Ts'o" <tytso@....edu>
Cc:     Tudor Ambarus <tudor.ambarus@...aro.org>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        syzbot <syzbot+726dc8c62c3536431ceb@...kaller.appspotmail.com>,
        davem@...emloft.net, linux-crypto@...r.kernel.org,
        linux-kernel@...r.kernel.org, olivia@...enic.com,
        syzkaller-bugs@...glegroups.com, Jason Wang <jasowang@...hat.com>,
        "Michael S. Tsirkin" <mst@...hat.com>,
        Laurent Vivier <lvivier@...hat.com>,
        Rusty Russell <rusty@...tcorp.com.au>,
        Aleksandr Nogikh <nogikh@...gle.com>,
        syzkaller <syzkaller@...glegroups.com>
Subject: Re: [PATCH] hwrng: virtio - Fix race on data_avail and actual data

On Fri, 5 May 2023 at 06:01, Theodore Ts'o <tytso@....edu> wrote:
>
> On Thu, May 04, 2023 at 09:10:43AM +0100, Tudor Ambarus wrote:
> > > The syzbot ID is already present in the Reported-by tag.
> > > There is no reason to clutter up the commit message with redundant
> > > information.
> >
> > As you prefer. Theodore Ts'o encourages adding a dashboard link, here's
> > his reasoning:
> > https://github.com/google/syzkaller/issues/3393#issuecomment-1347476434
>
> The reason why I've requested having both the Link and Reported-by is
> because you don't know the secret incantation:
>
> s;Reported-by: syzbot+\([0-9a-z][0-9a-z]*\)@syzkaller\.appspotmail\.com;https://syzkaller.appspot.com/bug?extid=\1;
>
> ... you can't easily get from a "Reported-by:" e-mail address to a URL
> link that will actually get you to the syzkaller page.  What I used to
> do was to go to https://groups.google.com/g/syzkaller-bugs and then
> enter into the Google Groups search box:
>
>    Reported-by: syzbot+726dc8c62c3536431ceb@...kaller.appspotmail.com
>
> which is a ***super*** clunky way to get to the syzkaller page.  What
> would be nice is if there was an easy way that didn't rely on kernel
> developers knowing the internal URL structure of Syzbot to be able to
> enter the Reported-by link on some convenient web page, perhaps in a
> search box found in the front page of https://syzkaller.appspot.com,
> and be able to find the syzbot report web page that way.
>
> Since that doesn't exist today, I include both the Reported-by: and
> Link: in my commit descriptions, out of consideration to the reviewer
> who might want to be able to find the Syzbot page and doesn't know the
> secret trick to calculate the URL from the Reported-by: e-mail
> address.
>
>
> Another gotcha with Syzbot is that there are two id's, the "extid" and
> the "id" which makes things ***super*** confusing.  For example, both
> of these URL's go to the same Syzbot report:
>
> https://syzkaller.appspot.com/bug?extid=726dc8c62c3536431ceb
> https://syzkaller.appspot.com/bug?id=eec08eb3763c9ec749fd565e70cfe6e485af7ed7
>
> The Reported-by e-mail address uses the extid.  So for example, in this
> case, it would be syzbot+726dc8c62c3536431ceb@...kaller.appspotmail.com.
>
> However, all of the links in the Syzbot web pages use the id form of
> the URL.  So if you were browsing the syzbot reports assigned to the
> crypto subsystem via https://syzkaller.appspot.com/upstream/s/crypto,
> you would find the id-style link, and then the commit fixing the bug
> might have something like this:
>
> Reported-by: syzbot+726dc8c62c3536431ceb@...kaller.appspotmail.com
> Link: https://syzkaller.appspot.com/bug?id=eec08eb3763c9ec749fd565e70cfe6e485af7ed7
>
> In that case, there is no (obvious) relationship between the hex
> string found in the Reported-by line and the Link line.
>
>
> One additional unfortunate fallout from syzbot having an "extid" and
> "id", is that depending on how the syzbot entry was initially found by the
> contributor sending in a patch to address a syzbot report, either URL
> can be found in mailing list archives.  So if you search for
> "extid=726dc8c62c3536431ceb" you won't find references to
> "id=eec08eb3763c9ec749fd565e70cfe6e485af7ed7" even though they are
> both referring to the same Syzbot report.
>
> <<< sigh >>>>   As they say, the hardest problem to solve in the
> C.S. world is naming, and syzbot has two names for every single syzbot
> report, and both are exposed to the poor user.   :-(

A link like this may work for syzbot instead of the Reported-by tag
(may work out of the box, but need to double check if we start to use
this):

Link: https://syzkaller.appspot.com/bug?extid=726dc8c62c3536431ceb

Or similarly this may work:

Reported-by: https://syzkaller.appspot.com/bug?extid=726dc8c62c3536431ceb

I think the parsing code mostly looks for the hash.

This was proposed, but people said that they need links to lore and
don't want links to syzkaller dashboard. So this was rejected at the
time.
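
The Reported-by to dashboard mapping discussed in this thread, as an added example that is not part of the original messages and is not syzbot's own parsing code: it derives the extid URL from each syzbot Reported-by tag in a commit message and flags id-style Link: tags, which cannot be matched to the extid offline. The function name, record fields and sample commit message are assumptions constructed for illustration.

```python
import re

# Dashboard URL form quoted in the thread; the extid is the hash that
# follows "syzbot+" in the Reported-by address.
DASHBOARD = "https://syzkaller.appspot.com/bug?extid={}"

REPORTED_BY = re.compile(
    r"^Reported-by:\s*.*?syzbot\+([0-9a-z]+)@syzkaller\.appspotmail\.com",
    re.IGNORECASE | re.MULTILINE)
LINK = re.compile(
    r"^Link:\s*https://syzkaller\.appspot\.com/bug\?(extid|id)=([0-9a-z]+)",
    re.IGNORECASE | re.MULTILINE)


def audit_syzbot_tags(commit_msg):
    """Return one record per syzbot Reported-by tag in a commit message."""
    links = LINK.findall(commit_msg)  # list of (kind, hash) tuples
    extid_links = {h.lower() for kind, h in links if kind.lower() == "extid"}
    id_links = [h.lower() for kind, h in links if kind.lower() == "id"]
    records = []
    for extid in REPORTED_BY.findall(commit_msg):
        extid = extid.lower()
        records.append({
            "extid": extid,
            "url": DASHBOARD.format(extid),
            # True only when a Link: tag carries the same extid.
            "has_extid_link": extid in extid_links,
            # id-style links share no visible relationship with the extid,
            # so they are reported rather than matched.
            "uncorrelated_id_links": id_links,
        })
    return records


# Constructed commit message using the two identifiers quoted in the thread.
SAMPLE = """\
hwrng: virtio - Fix race on data_avail and actual data

Reported-by: syzbot+726dc8c62c3536431ceb@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?id=eec08eb3763c9ec749fd565e70cfe6e485af7ed7
"""

if __name__ == "__main__":
    for rec in audit_syzbot_tags(SAMPLE):
        print(rec)
```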
