From: SyzScope <syzscope@gmail.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org,
linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org,
marcel@holtmann.org, netdev@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: KASAN: use-after-free Read in hci_chan_del
Date: Sat, 5 Jun 2021 11:12:49 -0700 [thread overview]
Message-ID: <d37fecad-eed3-5eb8-e30a-ebb912e3a073@gmail.com> (raw)
In-Reply-To: <YLsrLz7otkQAkIN7@kroah.com>
Hi Greg,
> I do not recall that, sorry, when was that?
We sent an email to security@kernel.org from xzou017@ucr.edu account on
May 20, the title is "KASAN: use-after-free Read in hci_chan_del has
dangerous security impact".
> Is that really the reason why syzbot-reported problems are not being
> fixed? Just because we don't know which ones are more "important"?
>
> As someone who has been managing many interns for a year or so working
> on these, I do not think that is the problem, but hey, what do I know...
Perhaps we misunderstood the problem of syzbot-generated bugs. Our
understanding is that if a syzbot-generated bug is exploited in the wild
and/or the exploit code is made publicly available somehow, then the bug
will be fixed in a prioritized fashion. If our understanding is correct,
wouldn't it be nice if we, as good guys, can figure out which bugs are
security-critical and patch them before the bad guys exploit them.
On 05/06/2021 00:43, Greg KH wrote:
> On Fri, Jun 04, 2021 at 10:11:03AM -0700, SyzScope wrote:
>> Hi Greg,
>>
>>> Who is working on and doing this "reseach project"?
>> We are a group of researchers from University of California, Riverside (we
>> introduced ourselves in an earlier email to security@kernel.org if you
>> recall).
> I do not recall that, sorry, when was that?
>
>> Please allow us to articulate the goal of our research. We'd be
>> happy to hear your feedback and suggestions.
>>
>>> And what is it
>>> doing to actually fix the issues that syzbot finds? Seems like that
>>> would be a better solution instead of just trying to send emails saying,
>>> in short "why isn't this reported issue fixed yet?"
>> From our limited understanding, we know a key problem with syzbot bugs is
>> that there are too many of them - more than what can be handled by
>> developers and maintainers. Therefore, it seems some form of prioritization
>> on bug fixing would be helpful. The goal of the SyzScope project is to
>> *automatically* analyze the security impact of syzbot bugs, which helps with
>> prioritizing bug fixes. In other words, when a syzbot bug is reported, we
>> aim to attach a corresponding security impact "signal" to help developers
>> make an informed decision on which ones to fix first.
> Is that really the reason why syzbot-reported problems are not being
> fixed? Just because we don't know which ones are more "important"?
>
> As someone who has been managing many interns for a year or so working
> on these, I do not think that is the problem, but hey, what do I know...
>
>> Currently, SyzScope is a standalone prototype system that we plan to open
>> source. We hope to keep developing it to make it more and more useful and
>> have it eventually integrated into syzbot (we are in talks with Dmitry).
>>
>> We are happy to talk more offline (perhaps even in a zoom meeting if you
>> would like). Thanks in advance for any feedback and suggestions you may
>> have.
> Meetings are not really how kernel development works, sorry.
>
> At the moment, these emails really do not seem all that useful, trying
> to tell other people what to do does not get you very far when dealing
> with people who you have no "authority" over...
>
> Technical solutions to human issues almost never work, however writing a
> procmail filter to keep me from having to see these will work quite well :)
>
> good luck!
>
> greg k-h
next prev parent reply other threads:[~2021-06-05 18:13 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-02 20:45 KASAN: use-after-free Read in hci_chan_del syzbot
2020-08-03 17:08 ` syzbot
2021-05-04 21:50 ` ETenal
2021-05-06 6:01 ` Dan Carpenter
2021-05-06 6:42 ` SyzScope
2021-06-04 9:48 ` Greg KH
2021-06-04 17:11 ` SyzScope
2021-06-05 7:43 ` Greg KH
2021-06-05 18:12 ` SyzScope [this message]
2021-06-06 5:16 ` Greg KH
2021-06-06 5:29 ` Leon Romanovsky
2021-06-06 5:06 ` Leon Romanovsky
[not found] ` <20210606085004.12212-1-hdanton@sina.com>
2021-06-06 9:54 ` Greg KH
[not found] ` <20210607074828.3259-1-hdanton@sina.com>
2021-06-07 7:55 ` Greg KH
[not found] ` <20210607100201.3345-1-hdanton@sina.com>
2021-06-07 10:31 ` Greg KH
[not found] ` <20210608081800.3484-1-hdanton@sina.com>
2021-06-08 8:40 ` Greg KH
2021-05-28 21:12 ` SyzScope
2021-06-03 18:30 ` SyzScope
2021-06-03 18:36 ` Greg KH
2021-06-07 10:21 ` Jason A. Donenfeld
2021-06-07 10:28 ` Dmitry Vyukov
2021-06-07 11:20 ` Greg KH
2021-06-07 18:26 ` SyzScope
2021-06-08 8:46 ` Greg KH
2021-06-08 8:53 ` Dan Carpenter
2021-06-07 22:25 ` [syzbot] " syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d37fecad-eed3-5eb8-e30a-ebb912e3a073@gmail.com \
--to=syzscope@gmail.com \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=johan.hedberg@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=netdev@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).