Re: KASAN: use-after-free Read in hci_chan_del

From: Leon Romanovsky
Date: Sun Jun 06 2021 - 01:32:03 EST

Next message: Jaegeuk Kim: "Re: [PATCH 3/3 v2] f2fs: clean up /sys/fs/f2fs/<disk>/features"
Previous message: Eli Cohen: "[PATCH v2] vdpa/mlx5: Clear vq ready indication upon device reset"
In reply to: Greg KH: "Re: KASAN: use-after-free Read in hci_chan_del"
Next in thread: Leon Romanovsky: "Re: KASAN: use-after-free Read in hci_chan_del"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jun 06, 2021 at 07:16:00AM +0200, Greg KH wrote:
> On Sat, Jun 05, 2021 at 11:12:49AM -0700, SyzScope wrote:
> > Hi Greg,

<...>

> > Perhaps we misunderstood the problem of syzbot-generated bugs. Our
> > understanding is that if a syzbot-generated bug is exploited in the wild
> > and/or the exploit code is made publicly available somehow, then the bug
> > will be fixed in a prioritized fashion. If our understanding is correct,
> > wouldn't it be nice if we, as good guys, can figure out which bugs are
> > security-critical and patch them before the bad guys exploit them.
>
> The "problem" is that no one seems willing to provide the resources to
> fix the issues being found as quickly as they are being found. It
> usually takes an exponentially longer amount of time for a fix than to
> find the problem.

And this is even an easy case, the more complex and common situation
where repro is not available or it doesn't reproduce locally, because
it is race.

Thanks

Next message: Jaegeuk Kim: "Re: [PATCH 3/3 v2] f2fs: clean up /sys/fs/f2fs/<disk>/features"
Previous message: Eli Cohen: "[PATCH v2] vdpa/mlx5: Clear vq ready indication upon device reset"
In reply to: Greg KH: "Re: KASAN: use-after-free Read in hci_chan_del"
Next in thread: Leon Romanovsky: "Re: KASAN: use-after-free Read in hci_chan_del"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]