lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZFi5FfjVpxLEk48A@mit.edu>
Date:   Mon, 8 May 2023 04:55:49 -0400
From:   "Theodore Ts'o" <tytso@....edu>
To:     Dmitry Vyukov <dvyukov@...gle.com>
Cc:     Tudor Ambarus <tudor.ambarus@...aro.org>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        syzbot <syzbot+726dc8c62c3536431ceb@...kaller.appspotmail.com>,
        davem@...emloft.net, linux-crypto@...r.kernel.org,
        linux-kernel@...r.kernel.org, olivia@...enic.com,
        syzkaller-bugs@...glegroups.com, Jason Wang <jasowang@...hat.com>,
        "Michael S. Tsirkin" <mst@...hat.com>,
        Laurent Vivier <lvivier@...hat.com>,
        Rusty Russell <rusty@...tcorp.com.au>,
        Aleksandr Nogikh <nogikh@...gle.com>,
        syzkaller <syzkaller@...glegroups.com>
Subject: Re: [PATCH] hwrng: virtio - Fix race on data_avail and actual data

On Mon, May 08, 2023 at 07:33:39AM +0200, Dmitry Vyukov wrote:
> A link like this may work for syzbot instead of the Reported-by tag
> (may work out of the box, but need to double check if we start to use
> this):
> 
> Link: https://syzkaller.appspot.com/bug?extid=726dc8c62c3536431ceb
> 
> Or similarly this may work:
> 
> Reported-by: https://syzkaller.appspot.com/bug?extid=726dc8c62c3536431ceb
> I think the parsing code mostly looks for the hash.
> 
> This was proposed, but people said that they need links to lore and
> don't want links to syzkaller dashboard. So this was rejected at the
> time.

I think the "Reported-by: " line should continue to contain an e-mail,
since that way "git send-email" will automatically include a Cc: to
the mailing list address so that the syzbot page for the report will
contain a link to the page.

What *would* be useful would be a search box on the top-level
https://syzkaller.appspot.com where you could either enter an e-mail
address like:

	syzbot+726dc8c62c3536431ceb@...kaller.appspotmail.com

or the syzbot report title e.g.:

       KCSAN: data-race in random_recv_done / virtio_read (3)

or just a function name:

	sys_quotactl_fd

The search box could just push the text to google.com with
"site:syzkaller.appspot.com", which should mostly do the right thing.

Also, it would also be nice if all of the URL links on the
syzkaller.appspot.com used the id form of the URL.  That is, to use

https://syzkaller.appspot.com/bug?extid=6c73bd34311ee489dbf5

instead of:

https://syzkaller.appspot.com/bug?id=32c54626e170a6b327ca2c8ae4c1aea666a8c20b

The extid form of the URL is shorter, and having a consistency so that
the primary URL is the extid would reduce confusion.  The web site
will need to continue to support the id form of the URL since there
are quite a few of those URL's in mailing list archives and git commit
descriptions.  

It also would be useful if there was a way to translate from the extid
hash to the id hash, so that it's possible to search for the extid and
id forms of the URL --- since the URL aliasing means that for a
developer trying to do code archeology and web searches, that we need
to search for both URL forms for past syzbot reports.  (But if we can
avoid the aliasing confusion moving forward, that would be **really**
nice.)

Cheers,

						- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ