Received: by 10.223.148.5 with SMTP id 5csp7400013wrq; Thu, 18 Jan 2018 05:06:19 -0800 (PST) X-Google-Smtp-Source: ACJfBovjyOLRQj1K1a0VM4s/p1HJ8y3JANrcVYuuqAgy1e/Ziteha4vARjhXLoCd8TYIgJzljCl/ X-Received: by 10.99.149.67 with SMTP id t3mr4437560pgn.411.1516280779194; Thu, 18 Jan 2018 05:06:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516280779; cv=none; d=google.com; s=arc-20160816; b=mt+w0ryR7Nhx/n5863Va8Abc+Wxi4cBj0L/bQavR9OaVvEigEkwE9gTinEwAx4A/J4 1Wn1oXA1zV/sDpY8rEQswMb6CIwtx4n5SXQ64N3qayXTkHPZZTAaxXU5nqoBxmLi6d/C EWxqS3VLq9E52JSgA4EU3gkrWpB57McZuF935pWv4sHpYEs87N46WXHrheeM8tRIiEQ3 jt7iuFJzZa+KRE7p/Bd0VfL9B8SZEE8uhvgPRmTUnZscvVHqspyD3mEXVNBAecCzHO1j wZ/XXkvWJNx+4YW3FivGF5qQBo7NDWCKwALrxANld1gNfSjonZh0cTKqATzUoKTmvwQD 6ARQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=DtrtnYN/1ux98MklM0ro3ulgrCj3efPOhw1wMjaBX0c=; b=UTI31S5e+e/5Lu88gx77Ityn/ncPQRmVXlhL2TZNZ3lU+QtzOHMrdQNIEJog8ft6/z JEw0EN5vWOXFTFewRXwux7ZEgAAFJge65sRsP9vLHcgXa0WjVNQx8wJAkYYthT7KoAMz r6m/jvOFS5y+5lvqnc9cQ9ZWy+5hRScdk/w19KbOwPXt+Qz5+JSV/jC6UX9qX3FjNioD kU7dIsooz9HelfNSBiPudiq318VtVg0kWyjPy4c38R6xuMI0huSsqaObM/jhmjpR/kct 4FC0NNrpZcAyH9EC3bXrstuJMdqaSfYmkm0mVgQFhdZUZKIIsdp1yiMDW+Fh82fR7k7X Kdjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=iMhhr91l; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t70si5998215pgd.13.2018.01.18.05.06.04; Thu, 18 Jan 2018 05:06:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=iMhhr91l; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755857AbeARNBx (ORCPT + 99 others); Thu, 18 Jan 2018 08:01:53 -0500 Received: from mail-pf0-f178.google.com ([209.85.192.178]:42928 "EHLO mail-pf0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755162AbeARNBv (ORCPT ); Thu, 18 Jan 2018 08:01:51 -0500 Received: by mail-pf0-f178.google.com with SMTP id b25so8214527pfd.9 for ; Thu, 18 Jan 2018 05:01:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=DtrtnYN/1ux98MklM0ro3ulgrCj3efPOhw1wMjaBX0c=; b=iMhhr91luRwEqlfv5EUt94FiV8Y9TjQVkf4qFIBQMd+60Kas9njFuyWEpFpz25MQur vwsCiEco+tmsVpb1l2ox88TX+fs5ZSfY8wxlEapkRTNzLlF3EDfl3Ju9UJvByBhvvr8S ahA/13TUW/KugM/ngTPrB0UKAI8RprGYg8rkjGL/QZ0plRal/XEgnKtwsTzPmcQ+WEvM vI507HvPkDAt3Dvs8fUZXmMYWM3WZda7EnwIDCDgy7TGVv4qHyPHg+PSfXKIpD0bJCuQ ZDuaRgfVjUwjGvXW4FivogBlaWRzVh1+78I3mq0AKXstgfWiA8dAsAVpNwku0wWvgkXK qlZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=DtrtnYN/1ux98MklM0ro3ulgrCj3efPOhw1wMjaBX0c=; b=Cb85/51NjYwIf/yJ4aBKVRgiOLONZu55RzVlwwRpokpLHsU4tzRPKF5ugvK1sxYW/X aq8CvQEHVsTaYnVY0l+OK/co+AO9mTFp2J721j2+bVqLuJXDVzaoZfbRe5PILC90sLSB dY/22vbFXR1iL6ATm5js3ZFv1mq8l44KOx/lXrIWz0ZoegaS+YetFc5296mkcSHB4qCA J53mlp1f6jmbU6fR0+Cb8wOxKDEd9LWHW8X4di5Nr+bUuocZzPG+MbKJN+G/Q9i6HHgs ghHZZb1CVgYZzDuRqJMHrif6lLLg/2JLotj+K5Zxb3rouyVPoHEMpyDZlTZPOUCxqmtM 0mOw== X-Gm-Message-State: AKwxytff2FKTM0No/dZ/AZXPPEbCQGNjQMXwvAA1sy3zTr7U7mY3J8VN FGCwsguJRC4v0ipeTeimWqAfbPKZe39v2IeLMQa/Hg== X-Received: by 10.101.90.10 with SMTP id y10mr26869047pgs.445.1516280508973; Thu, 18 Jan 2018 05:01:48 -0800 (PST) MIME-Version: 1.0 Received: by 10.236.140.151 with HTTP; Thu, 18 Jan 2018 05:01:28 -0800 (PST) In-Reply-To: <20180118010930.GE6948@thunk.org> References: <001a11405130ff1e9705629eb53c@google.com> <20180117093225.GB20303@amd> <20180117204735.GC6948@thunk.org> <20180118002111.b7ejjd2adunmkooj@ast-mbp.dhcp.thefacebook.com> <20180118010930.GE6948@thunk.org> From: Dmitry Vyukov Date: Thu, 18 Jan 2018 14:01:28 +0100 Message-ID: Subject: Re: dangers of bots on the mailing lists was Re: divide error in ___bpf_prog_run To: "Theodore Ts'o" , Alexei Starovoitov , Dmitry Vyukov , Daniel Borkmann , Pavel Machek , LKML , netdev , syzkaller-bugs@googlegroups.com, Greg Kroah-Hartman , Guenter Roeck Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 18, 2018 at 2:09 AM, Theodore Ts'o wrote: > On Wed, Jan 17, 2018 at 04:21:13PM -0800, Alexei Starovoitov wrote: >> >> If syzkaller can only test one tree than linux-next should be the one. > > Well, there's been some controversy about that. The problem is that > it's often not clear if this is long-standing bug, or a bug which is > in a particular subsystem tree --- and if so, *which* subsystem tree, > etc. So it gets blasted to linux-kernel, and to get_maintainer.pl, > which is often not accurate --- since the location of the crash > doesn't necessarily point out where the problem originated, and hence > who should look at the syzbot report. And so this has caused > some.... irritation. Re set of tested trees. We now have an interesting spectrum of opinions. Some assorted thoughts on this: 1. First, "upstream is clean" won't happen any time soon. There are several reasons for this: - Currently syzkaller only tests a subset of subsystems that it knows how to test, even the ones that it tests it tests poorly. Over time it's improved to test most subsystems and existing subsystems better. Just few weeks ago I've added some descriptions for crypto subsystem and it uncovered 20+ old bugs. - syzkaller is guided, genetic fuzzer over time it leans how to do more complex things by small steps. It takes time. - We have more bug detection tools coming: LEAKCHECK, KMSAN (uninit memory), KTSAN (data races). - generic syzkaller smartness will be improved over time. - it will get more CPU resources. Effect of all of these things is multiplicative: we test more code, smarter, with more bug-detection tools, with more resources. So I think we need to plan for a mix of old and new bugs for foreseeable future. 2. get_maintainer.pl and mix of old and new bugs was mentioned as harming attribution. I don't see what will change when/if we test only upstream. Then the same mix of old/new bugs will be detected just on upstream, with all of the same problems for old/new, maintainers, which subsystem, etc. I think the amount of bugs in the kernel is significant part of the problem, but the exact boundary where we decide to start killing them won't affect number of bugs. 3. If we test only upstream, we increase chances of new security bugs sinking into releases. We sure could raise perceived security value of the bugs by keeping them private, letting them sink into release, letting them sink into distros, and then reporting a high-profile vulnerability. I think that's wrong. There is something broken with value measuring in security community. Bug that is killed before sinking into any release is the highest impact thing. As Alexei noted, fixing bugs es early as possible also reduces fix costs, backporting burden, etc. This also can eliminate need in bisection in some cases, say if you accepted a large change to some files and a bunch of crashes appears for these files on your tree soon, it's obvious what happens. 4. It was mentioned that linux-next can have a broken slab allocator and that will manifest as multiple random crashes. FWIW I don't remember that I ever seen this. Yes, sometimes it does not build/boot, but these builds are just rejected for testing. I don't mind dropping linux-next specifically if that's the common decision. However, (1) Alexei and Gruenter expressed opposite opinion, (2) I don't see what it will change dramatically, (2) as far as I understand Linus actually relies on linux-next giving some concrete testing to the code there. But I think that testing bpf-next is a positive thing provided that there is explicit interest from maintainers. And note that that will be testing targeted specifically at bpf subsystem, so that instance will not generate bugs in SCSI, USB, etc (though it will cover a part of net). Also note that the latest email format includes set of tree where the crash happened, so if you see "upstream" or "upstream and bpf-next", nothing really changes, you still know that it happens upstream. Or if you see only "bpf-next", then you know that it's only that tree.