lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Z9Ic6iarKKROVf2K@codewreck.org>
Date: Thu, 13 Mar 2025 08:46:50 +0900
From: asmadeus@...ewreck.org
To: Christian Schoenebeck <linux_oss@...debyte.com>
Cc: ericvh@...nel.org, linux-kernel@...r.kernel.org, lucho@...kov.net,
	syzkaller-bugs@...glegroups.com, v9fs@...ts.linux.dev,
	syzbot <syzbot+5b667f9a1fee4ba3775a@...kaller.appspotmail.com>
Subject: Re: [syzbot] [v9fs?] general protection fault in p9_client_walk

Christian Schoenebeck wrote on Wed, Mar 12, 2025 at 03:25:27PM +0100:
> > OTOH I don't get why all mkdirs don't hit that.. ah, it's only a problem
> > if the parent directory has some ACL and none of our tests hit that :/
> 
> There are test cases now?

What, you want a proper CI ?!
I'm still running semi-manually but I'm testing the bare minimum works
before sending Linus pull requets.. Which doesn't include ACLs...

But now I'm looking Eric published https://github.com/v9fs/test which
has some github actions, perhaps I can add my handful of test cases
there and try to run that instead, at which point we can consider
running more complete test suites like xfstests which do have some acl
checks.
I'm sure plenty of what we do isn't quite valid and would fail tests,
but at least it could check we're not hitting any null deref or similar
bug...

> > Well, it shouldn't be too hard to trigger & fix anyway, since you've
> > done this much want to send the patch?
> 
> If it is not super urgent then I'll schedule some cycles. Not worried if
> anyone is faster of course.

Given it's been broken since 6.0 (2.5 years ago) I guess we don't have
anyone using ACLs (or at least not creating directories), so it's
probably not super urgent..

-- 
Dominique Martinet | Asmadeus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ