lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <deff904e-5c56-42ae-b8b0-7b55580b023a@I-love.SAKURA.ne.jp>
Date: Sat, 28 Sep 2024 18:23:53 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: Kent Overstreet <kent.overstreet@...ux.dev>
Cc: Roberto Sassu <roberto.sassu@...weicloud.com>,
        Paul Moore <paul@...l-moore.com>, Mimi Zohar <zohar@...ux.ibm.com>,
        Roberto Sassu <roberto.sassu@...wei.com>,
        Casey Schaufler <casey@...aufler-ca.com>,
        syzbot <syzbot+listfc277c7cb94932601d96@...kaller.appspotmail.com>,
        linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] Monthly lsm report (Sep 2024)

On 2024/09/28 17:57, Kent Overstreet wrote:
> On Sat, Sep 28, 2024 at 03:49:27PM GMT, Tetsuo Handa wrote:
>> On 2024/09/28 10:25, Kent Overstreet wrote:
>>> And looking further, I don't see anyhting in the console log from when
>>> bcachefs actually mounted (???), which means I don't think I have enough
>>> to go on. It's clearly an upgrade path issue - we didn't run
>>> check_allocations as is required when upgrading to 1.11 - but it's not
>>> reproducing for me when I run tests with old tools.
>>>
>>> Can we get some more information about the syzbot reproducer? Exact
>>> tools version, format command and mount command.
>>
>> Reproducer for this bug is not yet found. But syzbot does not use userspace
>> tools. That is, testing with old (or new) tools will not help. Please note
>> that syzbot uses crafted (intentionally corrupted) filesystem images. If the
>> kernel side depends on sanity checks / validations done by the userspace
>> side, syzbot will find oversights on the kernel side. Please don't make any
>> assumptions made by the userspace tools.
>>
> 
> You seem to be confused; how do you expect sysbot to test a filesystem
> without the format comand?

Please find syz_mount_image$bcachefs from e.g.
https://syzkaller.appspot.com/text?tag=CrashLog&x=17441e80580000 .

syzbot creates in-memory filesystem image using memfd and mount it
using loopback devices. For example,
https://syzkaller.appspot.com/text?tag=ReproC&x=102e0907980000 is
a C reproducer for an ext4 bug; check how setup_loop_device() and
syz_mount_image() are used for mounting filesystems.

Again, syzbot does not use userspace tools for managing filesystems.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ