On Wed, Jan 17, 2018 at 09:56:29AM +0100, Pavel Machek wrote:
> Hi!
>
> > > Andrea Arcangeli (1):
> > >       userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK
> > >       fails
> > >
> > >  fs/userfaultfd.c | 20 ++++++++++++++++++--
> > >  1 file changed, 18 insertions(+), 2 deletions(-)
> >
> > The original report footer was stripped, so:
> >
> > Please credit me with: Reported-by: syzbot <syzkaller@xxxxxxxxxxxxxxxx>
>
> Please don't. We don't credit our CPUs, and we don't credit Qemu. We
> credit humans.
>

The difference is that unlike your CPU or QEMU, syzbot is a program
specifically written to find and report Linux kernel bugs. And although
Dmitry Vyukov has done most of the work, syzkaller and syzbot have had many
contributors, and you are welcome to contribute too:
https://github.com/google/syzkaller

> > and we also need to tell syzbot about the fix with:
> >
> > #syz fix:
> > userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
>
> Now you claimed you care about bugs being fixed. What about actually
> testing Andrea's fix and telling us if it fixes the problem or not,
> and maybe saying "thank you"?

Of course the syzbot team cares about bugs being fixed, why else would they
report them? I too would like to see syzbot become smarter about handling
bugs with reproducers. For example it could bisect to find the commit which
introduced the bug, and could automatically detect where the bug has/hasn't
been fixed. Of course due to the nature of the kernel it's not possible with
every bug, but for some it is possible.

Nevertheless, at the end of the day, no matter how a bug is reported or who
reports it, it is primarily the responsibility of the person patching the
bug to test their patch. I've never really understood why people try to
patch reproducible bugs without even testing their fix; it just doesn't make
any sense. It's pretty easy to run the syzkaller-provided reproducers too.
Personally I've fixed 20+ syzkaller-reported bugs, and I always run the
reproducer if there is one. In fact the reproducer is usually needed to even
figure out what to fix in the first place...

Yes, Andrea deserves thanks for fixing this bug! But so does syzbot and its
authors for reporting this bug.

And personally I am not at all impressed by the fact that userfaultfd has no
maintainer listed in MAINTAINERS, nor did any of the authors feel
responsible enough to quickly patch a critical security bug in code they
wrote less than a year ago, even after I Cc'ed them with a simplified
reproducer and explanation of the problem. Note that userfaultfd is usable
by unprivileged users and is enabled on most major Linux distros. Does
syzbot need to start automatically requesting CVEs as well? :-)

(And yes, I wanted to fix this myself, as I've done with a lot of the other
syzbot-reported bugs, but unfortunately I wasn't familiar enough with the
userfaultfd code, and there are 200 other bugs to work on too...)

Eric

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .