lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <15ddfcec-8c2a-6f86-db99-8ce5bdc8078d@gmail.com>
Date:   Fri, 21 Jul 2023 13:25:21 +1200
From:   Michael Schmitz <schmitzmic@...il.com>
To:     Matthew Wilcox <willy@...radead.org>,
        Finn Thain <fthain@...ux-m68k.org>
Cc:     Dave Chinner <david@...morbit.com>,
        Jeff Layton <jlayton@...nel.org>,
        John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Viacheslav Dubeyko <slava@...eyko.com>,
        Arnd Bergmann <arnd@...db.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        syzbot <syzbot+7bb7cd3595533513a9e7@...kaller.appspotmail.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        christian.brauner@...ntu.com,
        Damien Le Moal <damien.lemoal@...nsource.wdc.com>,
        Linux FS Devel <linux-fsdevel@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller-bugs@...glegroups.com,
        ZhangPeng <zhangpeng362@...wei.com>,
        linux-m68k@...ts.linux-m68k.org,
        debian-ports <debian-ports@...ts.debian.org>
Subject: Re: [syzbot] [hfs?] WARNING in hfs_write_inode

Hi Matthew,

Am 21.07.2023 um 13:11 schrieb Matthew Wilcox:
> You've misunderstood.  Google have decided to subject the entire kernel
> (including obsolete unmaintained filesystems) to stress tests that it's
> never had before.  IOW these bugs have been there since the code was
> merged.  There's nothing to back out.  There's no API change to blame.
> It's always been buggy and it's never mattered before.
>
> It wouldn't be so bad if Google had also decided to fund people to fix
> those bugs, but no, they've decided to dump them on public mailing lists
> and berate developers into fixing them.

Dumping these reports on public mailing lists may still be OK (leaving 
aside that this invites writing code to exploit these bugs). Asking 
nicely for a fix, too.

'Berating developers' clearly oversteps the mark.

Maybe Google need to train their AI (that they're evidently training on 
kernel source, so ought to be grateful for such a nice training set) 
with a view to manners? We'd sure hate Google's input to go ignored for 
lack of civility?

(We could always reassign bugs of this sort against e.g. HFS to 
distrubtions, of course. They might have the resources to do something 
about it. Doesn't Google distribute Linux in some form or other? Is 
Android or ChromeOS susceptible to this issue? Time to find out ...)

Be that as it may - removing code that still has use, just to appease 
pushy Google staff (or AI) is just plain wrong IMO.

Cheers,

	Michael

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ