Re: [LKP] [lkp] [string] 5f6f0801f5: BUG: KASan: out of bounds access in strlcpy+0xc8/0x250 at addr ffff88011a666ee0

From: Fengguang Wu
Date: Mon Oct 12 2015 - 04:34:58 EST


On Mon, Oct 12, 2015 at 10:17:14AM +0200, Ingo Molnar wrote:
>
> * Fengguang Wu <fengguang.wu@xxxxxxxxx> wrote:
>
> > On Mon, Oct 12, 2015 at 03:51:04PM +0800, Fengguang Wu wrote:
> > > On Mon, Oct 12, 2015 at 09:33:55AM +0200, Ingo Molnar wrote:
> > > >
> > > > * kernel test robot <ying.huang@xxxxxxxxxxxxxxx> wrote:
> > > >
> > > > > FYI, we noticed the below changes on
> > > > >
> > > > > git://internal_mailing_list_patch_tree Ingo-Molnar/string-Improve-the-generic-strlcpy-implementation
> > > > > commit 5f6f0801f5fdfce4984c6a14f99dbfbb417acb66 ("string: Improve the generic strlcpy() implementation")
> > > >
> > > > Hm, there's no such commit ID anywhere I can see - did you rebase my tree perhaps?
> > >
> > > Ingo, all applied patches will be uploaded to github from now on.
>
> Thanks!
>
> You might want to move that to korg instead, because many people don't like to
> pull from github.

That'd be good, however github would match its security level better
-- it's a robot doing git upload, so the ssh private key must be kept
in a server where several team members can see it.

> > > Here is the exact commit:
> > >
> > > https://github.com/0day-ci/linux/commits/Ingo-Molnar/string-Improve-the-generic-strlcpy-implementation
> >
> > Sorry that's already the rebased commit.. The old version was applied
> > to 4.3-rc4 while the new one is applied to 4.3-rc5.
>
> So as long as you have the tested sha1 mentioned in the bug report, and that sha1
> can be pulled from somewhere on korg, I'm a happy camper: in this particular case
> it would have told me whether your testing tree had upstream fix 990486c8af or
> not.
>
> Rebasing and applying email patches for testing purposes is otherwise perfectly
> OK, as long as the precise Git tree used for testing can be fetched.

FYI I've just added timestamp to the branch name -- which helps make
the reported URL consistent and immutable over time.

You are nice and easy to work with, however it'll have to work well
with lots of people in all kinds of situations. :)

Thanks,
Fengguang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/