linux-bluetooth.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Leon Romanovsky <leon@kernel.org>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: SyzScope <syzscope@gmail.com>,
	davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org,
	linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org,
	marcel@holtmann.org, netdev@vger.kernel.org,
	syzkaller-bugs@googlegroups.com
Subject: Re: KASAN: use-after-free Read in hci_chan_del
Date: Sun, 6 Jun 2021 08:06:05 +0300	[thread overview]
Message-ID: <YLxXvfi1P8qZdQH3@unreal> (raw)
In-Reply-To: <YLsrLz7otkQAkIN7@kroah.com>

On Sat, Jun 05, 2021 at 09:43:43AM +0200, Greg KH wrote:
> On Fri, Jun 04, 2021 at 10:11:03AM -0700, SyzScope wrote:
> > Hi Greg,
> > 
> > > Who is working on and doing this "reseach project"?
> > We are a group of researchers from University of California, Riverside (we
> > introduced ourselves in an earlier email to security@kernel.org if you
> > recall).
> 
> I do not recall that, sorry, when was that?
> 
> > Please allow us to articulate the goal of our research. We'd be
> > happy to hear your feedback and suggestions.
> > 
> > > And what is it
> > > doing to actually fix the issues that syzbot finds?  Seems like that
> > > would be a better solution instead of just trying to send emails saying,
> > > in short "why isn't this reported issue fixed yet?"
> > From our limited understanding, we know a key problem with syzbot bugs is
> > that there are too many of them - more than what can be handled by
> > developers and maintainers. Therefore, it seems some form of prioritization
> > on bug fixing would be helpful. The goal of the SyzScope project is to
> > *automatically* analyze the security impact of syzbot bugs, which helps with
> > prioritizing bug fixes. In other words, when a syzbot bug is reported, we
> > aim to attach a corresponding security impact "signal" to help developers
> > make an informed decision on which ones to fix first.
> 
> Is that really the reason why syzbot-reported problems are not being
> fixed?  Just because we don't know which ones are more "important"?
> 
> As someone who has been managing many interns for a year or so working
> on these, I do not think that is the problem, but hey, what do I know...

My 2 cents, as the one who is fixing these external and internal syzkaller bugs
in RDMA. I would say that the main reason is lack of specific knowledge to fix
them or/and amount of work to actually do it.

Many of such failures are in neglected parts of code.

And no, I personally won't care if someone adds security score or not to
syzkaller report, all reports should be fixed.

Thanks

  parent reply	other threads:[~2021-06-06  5:06 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-02 20:45 KASAN: use-after-free Read in hci_chan_del syzbot
2020-08-03 17:08 ` syzbot
2021-05-04 21:50 ` ETenal
2021-05-06  6:01   ` Dan Carpenter
2021-05-06  6:42     ` SyzScope
2021-06-04  9:48   ` Greg KH
2021-06-04 17:11     ` SyzScope
2021-06-05  7:43       ` Greg KH
2021-06-05 18:12         ` SyzScope
2021-06-06  5:16           ` Greg KH
2021-06-06  5:29             ` Leon Romanovsky
2021-06-06  5:06         ` Leon Romanovsky [this message]
     [not found]         ` <20210606085004.12212-1-hdanton@sina.com>
2021-06-06  9:54           ` Greg KH
     [not found]           ` <20210607074828.3259-1-hdanton@sina.com>
2021-06-07  7:55             ` Greg KH
     [not found]             ` <20210607100201.3345-1-hdanton@sina.com>
2021-06-07 10:31               ` Greg KH
     [not found]               ` <20210608081800.3484-1-hdanton@sina.com>
2021-06-08  8:40                 ` Greg KH
2021-05-28 21:12 ` SyzScope
2021-06-03 18:30   ` SyzScope
2021-06-03 18:36     ` Greg KH
2021-06-07 10:21   ` Jason A. Donenfeld
2021-06-07 10:28     ` Dmitry Vyukov
2021-06-07 11:20     ` Greg KH
2021-06-07 18:26       ` SyzScope
2021-06-08  8:46         ` Greg KH
2021-06-08  8:53     ` Dan Carpenter
2021-06-07 22:25 ` [syzbot] " syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YLxXvfi1P8qZdQH3@unreal \
    --to=leon@kernel.org \
    --cc=davem@davemloft.net \
    --cc=gregkh@linuxfoundation.org \
    --cc=johan.hedberg@gmail.com \
    --cc=kuba@kernel.org \
    --cc=linux-bluetooth@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=marcel@holtmann.org \
    --cc=netdev@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=syzscope@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).