Date: Wed, 17 Jan 2018 15:26:31 -0800
From: Eric Biggers
To: Pavel Machek
Cc: Dmitry Vyukov, Andrea Arcangeli, Andrew Morton, Mike Rapoport, LKML, linux-fsdevel@vger.kernel.org, Al Viro, Linux-MM, syzkaller-bugs@googlegroups.com
Subject: Re: [PATCH 0/1] Re: kernel BUG at fs/userfaultfd.c:LINE!
Message-ID: <20180117232631.gniczgvil5lsml6p@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jan 17, 2018 at 09:56:29AM +0100, Pavel Machek wrote:
> Hi!
>
> > > Andrea Arcangeli (1):
> > >   userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK
> > >     fails
> > >
> > >  fs/userfaultfd.c | 20 ++++++++++++++++++--
> > >  1 file changed, 18 insertions(+), 2 deletions(-)
> >
> > The original report footer was stripped, so:
> >
> > Please credit me with: Reported-by: syzbot
>
> Please don't. We don't credit our CPUs, and we don't credit Qemu. We
> credit humans.
>

The difference is that unlike your CPU or QEMU, syzbot is a program
specifically written to find and report Linux kernel bugs. And although
Dmitry Vyukov has done most of the work, syzkaller and syzbot have had
many contributors, and you are welcome to contribute too:
https://github.com/google/syzkaller

> > and we also need to tell syzbot about the fix with:
> >
> > #syz fix:
> > userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
>
> Now you claimed you care about bugs being fixed. What about actually
> testing Andrea's fix and telling us if it fixes the problem or not,
> and maybe saying "thank you"?

Of course the syzbot team cares about bugs being fixed, why else would
they report them? I too would like to see syzbot become smarter about
handling bugs with reproducers. For example it could bisect to find the
commit which introduced the bug, and could automatically detect where
the bug has/hasn't been fixed. Of course due to the nature of the kernel
it's not possible with every bug, but for some it is possible.

Nevertheless, at the end of the day, no matter how a bug is reported or
who reports it, it is primarily the responsibility of the person
patching the bug to test their patch. I've never really understood why
people try to patch reproducible bugs without even testing their fix; it
just doesn't make any sense. It's pretty easy to run the
syzkaller-provided reproducers too. Personally I've fixed 20+
syzkaller-reported bugs, and I always run the reproducer if there is
one. In fact the reproducer is usually needed to even figure out what to
fix in the first place...

Yes, Andrea deserves thanks for fixing this bug! But so does syzbot and
its authors for reporting this bug. And personally I am not at all
impressed by the fact that userfaultfd has no maintainer listed in
MAINTAINERS, nor did any of the authors feel responsible enough to
quickly patch a critical security bug in code they wrote less than a
year ago, even after I Cc'ed them with a simplified reproducer and
explanation of the problem. Note that userfaultfd is usable by
unprivileged users and is enabled on most major Linux distros. Does
syzbot need to start automatically requesting CVE's as well? :-)

(And yes, I wanted to fix this myself, as I've done with a lot of other
of the syzbot-reported bugs, but unfortunately I wasn't familiar enough
with the userfaultfd code, and there are 200 other bugs to work on
too...)

Eric