From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752495AbcHIDVY (ORCPT ); Mon, 8 Aug 2016 23:21:24 -0400 Received: from mga11.intel.com ([192.55.52.93]:11756 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752360AbcHIDVV (ORCPT ); Mon, 8 Aug 2016 23:21:21 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.28,493,1464678000"; d="scan'208";a="1032158992" Date: Tue, 9 Aug 2016 11:18:32 +0800 From: Ye Xiaolong To: Al Viro Cc: Valdis.Kletnieks@vt.edu, Nicholas Krause , 0day robot , LKML , lkp@01.org Subject: Re: [lkp] [fs] 45ec18d5c7: BUG: KASAN: user-memory-access on address 00007f90291c7ec0 Message-ID: <20160809031832.GD8668@yexl-desktop> References: <20160807140242.GA21617@yexl-desktop> <17429.1470673783@turing-police.cc.vt.edu> <20160809011758.GE8581@yexl-desktop> <20160809012756.GO2356@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160809012756.GO2356@ZenIV.linux.org.uk> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 08/09, Al Viro wrote: >On Tue, Aug 09, 2016 at 09:17:58AM +0800, Ye Xiaolong wrote: >> On 08/08, Valdis.Kletnieks@vt.edu wrote: >> >On Sun, 07 Aug 2016 22:02:42 +0800, kernel test robot said: >> > >> >> FYI, we noticed the following commit: >> >> >> >> https://github.com/0day-ci/linux >> >> Nicholas-Krause/fs-Fix-kmemleak-leak-warning-in-getname_flags-about-working-on-unitialized-memory/20160804-055054 >> >> commit 45ec18d5c713bccb9807782f0dca29b92ba99784 ("fs:Fix kmemleak leak warning in getname_flags about working on unitialized memory") >> > >> >The real question here is why the 0day system was even bothering to try >> >compiling and booting a patch from somebody who has a long record of failing >> >to do so with patches before submission. Actually looking at the patch >> >in question shows that little or no thought or testing was done (hint: >> >look at it, and wonder in amazement why there's a dump_stack() call where >> >it is....) >> > >> >In other words - how did this patch get into a tree that 0day listens to? >> >> 0Day has a service to automatically capture every patchset sent to LKML, and convert >> email patchset to git branches by applying them on top of different >> trees heuristically. > >*raised eyebrows* > >I really hope they are doing both builds and testing in a heavily isolated >environments, then. Because you've just described an attack vector it's >vulnerable to... Yes, they are doing test in a heavily isolated environments with chroot, no suid and isolated network.