lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 15 Jul 2020 20:19:49 +0200
From:   Christoph Hellwig <hch@....de>
To:     Dominique Martinet <asmadeus@...ewreck.org>
Cc:     Christoph Hellwig <hch@....de>, Doug Nazar <nazard@...ar.ca>,
        ericvh@...il.com, lucho@...kov.net,
        v9fs-developer@...ts.sourceforge.net, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        syzbot+e6f77e16ff68b2434a2c@...kaller.appspotmail.com
Subject: Re: [PATCH] net/9p: validate fds in p9_fd_open

On Wed, Jul 15, 2020 at 03:47:56PM +0200, Dominique Martinet wrote:
> Christoph Hellwig wrote on Wed, Jul 15, 2020:
> > FYI, this is now generating daily syzbot reports, so I'd love to see
> > the fix going into Linus' tree ASAP..
> 
> Yes, I'm getting some syzbot warnings as well now.
> 
> I had however only planned to get this in linux-next, since that is what
> the syzbot mails were complaining about, but I see this got into -rc5...
> 
> 
> It's honestly just a warn on something that would fail anyway so I'd
> rather let it live in -next first, I don't get why syzbot is so verbose
> about this - it sent a mail when it found a c repro and one more once it
> bisected the commit yesterday but it should not be sending more?

Yes, I agree that this is just a warning on existing behavior.  But then
again these constant syzbot reports are pretty annoying..

> (likewise it should pick up the fix tag even if it only gets in -next,
> or would it keep being noisy unless this gets merged to mainline?)
> 
> 
> FWIW this is along with the 5 other patches I have queued for 5.9
> waiting for my tests as my infra is still down, I've stopped trying to
> make promises, but I could push at least just this one to -next if that
> really helps.
> Sorry for that, things should be smoother once I've taken the time to
> put things back in place.

No need to be sorry, just through it might be worth to ping you.

Thanks for all your help!

Powered by blists - more mailing lists