Received: by 10.223.148.5 with SMTP id 5csp7490056wrq; Thu, 18 Jan 2018 06:11:28 -0800 (PST) X-Google-Smtp-Source: ACJfBot2FIjq8ZkHNIRRrBPiUcdUqHvmyF84JOQZD8bSY0Hm/RvJ0uFaJ/ik4Y2qtf+rZQwvBiUo X-Received: by 10.98.8.86 with SMTP id c83mr20361107pfd.84.1516284688192; Thu, 18 Jan 2018 06:11:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516284688; cv=none; d=google.com; s=arc-20160816; b=AwxadvQ1nabgWtSR2oSVmJ1moX/Hoz2Vb4WFqRVC1Mk2AgXfzIs1XuTLutU4HYNkiM 8pWM5xIKgFpM/rhrKlTU8qAKnVqBInbzYTAAD6HAt6Qb/BU4xC0ehz7Aq9dzARLTTRdj 9BNQYpeNy6WfxZZN10iOmfFk7JMBIO9/9TC7bVM2JXZ0pQ30cRMKGUsYIGI2PMkHa8Y+ jb0QkuRlpVPWV2ifYb3fs6wnxuRAbrZTgdsM2gJH2iQq4WlVJSy1Bpgz9sWcqFx3mubU N+fZhfGeJN900b9JddbOjAuqfIqxeG49vj+ig/YEuSo+TZ0QBnkEI0gWgmLbPEgj2LyU rxGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=bBB7T75XpXgTdwISqKOQu/BCq+nPxMkvaDK8OCwt0PA=; b=U8oxYyVF46AsBuj4BxPM9bTd0RLQHWPoQVIVaqjgzzuKP0p13qzHvuuCzhroViBsmh uzHV8VCukUDzNSQ7IGpWEKIGchnvh83J7ZnkHxzCiLa4Fd0BRNeveZmZZfrEqu8t91dr R+5P7f2HL561cEljJMCudzckZClo1IjlRJNABSvAyoJ2dn9DC9rhKoYXc/I6YMSfC7Au 4SLs1wJvWEfDJHIBFK2dvUAUP6lMN9qZnxke85pHkyVfmnUdCC9FQe4pVc837qaw3tB3 VDQ9gTx5iop4xf6AMJf5sjzwEmXSMvfmdbv6WJMD8elfilaW4Rlbwm2xk3EKfg+pf9J+ x+AQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=shepxNgB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h128si6065103pgc.574.2018.01.18.06.11.13; Thu, 18 Jan 2018 06:11:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=shepxNgB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756431AbeAROKU (ORCPT + 99 others); Thu, 18 Jan 2018 09:10:20 -0500 Received: from mail-it0-f44.google.com ([209.85.214.44]:46949 "EHLO mail-it0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756254AbeAROKR (ORCPT ); Thu, 18 Jan 2018 09:10:17 -0500 Received: by mail-it0-f44.google.com with SMTP id c16so13600331itc.5 for ; Thu, 18 Jan 2018 06:10:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=bBB7T75XpXgTdwISqKOQu/BCq+nPxMkvaDK8OCwt0PA=; b=shepxNgBl0rCgDEqf3kmikqovRnnFftJgCBzk+tEMso9K0Hq8Qq/0Q/7k5VkMFOUHU ODSLHiVyMBThVcUC97mZABCxWamja/rJ2Z7/WvmPDMJzYOpDXUms/VeS3qxcvpaA9aSv +3V9ydPgYlnKaTwzuqa9zaysPeiiX6exlCh+4Pg4oiXnfsHglQM+1eA4SiPoIY5l047u yDe4OUy3OEn2KkcAty/bKVqvYjP8CyCy4+bgJshpQe1tQA29luqBYr3nANM4fNDuObLm oGPsScyR7uRsYfS5yEd042r7/xueESZzPmOqB5et5w7wVAnjqWMbhI4QjMf8cLb4/9Dj XiOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=bBB7T75XpXgTdwISqKOQu/BCq+nPxMkvaDK8OCwt0PA=; b=j6dG6vepPZIOW2IuXL5XFFs1fugYfrz1sHw7JgVCvC+M9M/sUn/nQ9SnHCHWFhPVs+ yWDkUeNSFMRZtksPFyAW6qEDvGLryMXkWAO81pTFIOvQo4/2601abpYzZTlDupQA8+cA Xe5FzjK7eNeGVbiNAAMmYoOqggujiXHGD7SXKliJ0C7xW7qyH9W48cAsJ5mfJ8Isy4Sh Aq6MTJNCnCNRTRsU6OlssB2VhtYH8XvX1JZMgPaeoAQAWCl4C23egS8jQKFJeDuBflMM 0WiOASk2RWV3cShVS1iqNHhlgyUQ6Dm3pAWicE2jLuvyLWJTyPTltq7l5ZfrWlVtw9X/ 1Ngg== X-Gm-Message-State: AKwxytdB90Y/cRNeqL1hjlqyyjo+Y/x43oBHgaOGTBOb6Iwf4XAt0quc p3j+XRUQJVzKCMLIrsMfW1Ad5Snzwd2wAazKoQzO7A== X-Received: by 10.36.163.136 with SMTP id p130mr10502415ite.49.1516284616621; Thu, 18 Jan 2018 06:10:16 -0800 (PST) MIME-Version: 1.0 Received: by 10.2.21.66 with HTTP; Thu, 18 Jan 2018 06:10:15 -0800 (PST) In-Reply-To: References: <001a11405130ff1e9705629eb53c@google.com> <20180117093225.GB20303@amd> <20180117204735.GC6948@thunk.org> <20180118002111.b7ejjd2adunmkooj@ast-mbp.dhcp.thefacebook.com> <20180118010930.GE6948@thunk.org> From: Guenter Roeck Date: Thu, 18 Jan 2018 06:10:15 -0800 Message-ID: Subject: Re: dangers of bots on the mailing lists was Re: divide error in ___bpf_prog_run To: Dmitry Vyukov Cc: "Theodore Ts'o" , Alexei Starovoitov , Daniel Borkmann , Pavel Machek , LKML , netdev , syzkaller-bugs@googlegroups.com, Greg Kroah-Hartman Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 18, 2018 at 5:01 AM, Dmitry Vyukov wrote: > On Thu, Jan 18, 2018 at 2:09 AM, Theodore Ts'o wrote: >> On Wed, Jan 17, 2018 at 04:21:13PM -0800, Alexei Starovoitov wrote: >>> >>> If syzkaller can only test one tree than linux-next should be the one. >> >> Well, there's been some controversy about that. The problem is that >> it's often not clear if this is long-standing bug, or a bug which is >> in a particular subsystem tree --- and if so, *which* subsystem tree, >> etc. So it gets blasted to linux-kernel, and to get_maintainer.pl, >> which is often not accurate --- since the location of the crash >> doesn't necessarily point out where the problem originated, and hence >> who should look at the syzbot report. And so this has caused >> some.... irritation. > > > Re set of tested trees. > > We now have an interesting spectrum of opinions. > > Some assorted thoughts on this: > > 1. First, "upstream is clean" won't happen any time soon. There are > several reasons for this: > - Currently syzkaller only tests a subset of subsystems that it knows > how to test, even the ones that it tests it tests poorly. Over time > it's improved to test most subsystems and existing subsystems better. > Just few weeks ago I've added some descriptions for crypto subsystem > and it uncovered 20+ old bugs. > - syzkaller is guided, genetic fuzzer over time it leans how to do > more complex things by small steps. It takes time. > - We have more bug detection tools coming: LEAKCHECK, KMSAN (uninit > memory), KTSAN (data races). > - generic syzkaller smartness will be improved over time. > - it will get more CPU resources. > Effect of all of these things is multiplicative: we test more code, > smarter, with more bug-detection tools, with more resources. So I > think we need to plan for a mix of old and new bugs for foreseeable > future. > > 2. get_maintainer.pl and mix of old and new bugs was mentioned as > harming attribution. I don't see what will change when/if we test only > upstream. Then the same mix of old/new bugs will be detected just on > upstream, with all of the same problems for old/new, maintainers, > which subsystem, etc. I think the amount of bugs in the kernel is > significant part of the problem, but the exact boundary where we > decide to start killing them won't affect number of bugs. > > 3. If we test only upstream, we increase chances of new security bugs > sinking into releases. We sure could raise perceived security value of > the bugs by keeping them private, letting them sink into release, > letting them sink into distros, and then reporting a high-profile > vulnerability. I think that's wrong. There is something broken with > value measuring in security community. Bug that is killed before > sinking into any release is the highest impact thing. As Alexei noted, > fixing bugs es early as possible also reduces fix costs, backporting > burden, etc. This also can eliminate need in bisection in some cases, > say if you accepted a large change to some files and a bunch of > crashes appears for these files on your tree soon, it's obvious what > happens. > > 4. It was mentioned that linux-next can have a broken slab allocator > and that will manifest as multiple random crashes. FWIW I don't > remember that I ever seen this. Yes, sometimes it does not build/boot, > but these builds are just rejected for testing. > > I don't mind dropping linux-next specifically if that's the common > decision. However, (1) Alexei and Gruenter expressed opposite opinion, My opinion does not really mean much, if anything. While my personal opinion is that it would be beneficial to test -next, my understanding also was that -next was not supposed to be a playground but a collection of patches which are ready for upstream. Quite obviously, as this exchange has shown, this is not or no longer the case. The result is that your testing of -next has not the desired effect of improving the Linux kernel and of finding problems _before_ they hit mainline. Instead, your efforts are seen as noise, and syzcaller's reputation is negatively affected. With that in mind, I would suggest to stop testing -next. If you ever have spare CPU capacity, you can start adding subtrees from -next which are known to never be rebased, such as net-next, taking subtrees tested by 0day as baseline. Thanks, Guenter > (2) I don't see what it will change dramatically, (2) as far as I > understand Linus actually relies on linux-next giving some concrete > testing to the code there. > But I think that testing bpf-next is a positive thing provided that > there is explicit interest from maintainers. And note that that will > be testing targeted specifically at bpf subsystem, so that instance > will not generate bugs in SCSI, USB, etc (though it will cover a part > of net). Also note that the latest email format includes set of tree > where the crash happened, so if you see "upstream" or "upstream and > bpf-next", nothing really changes, you still know that it happens > upstream. Or if you see only "bpf-next", then you know that it's only > that tree.