lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACT4Y+bosgWpJ=s9_hQ-Jg_XJoSHR9S-zC3es-2F=FTRppEncA@mail.gmail.com>
Date:   Mon, 18 Mar 2019 13:07:49 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc:     Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        Petr Mladek <pmladek@...e.com>,
        Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller <syzkaller@...glegroups.com>
Subject: Re: [syzbot? printk?] no WARN_ON() messages printed before "Kernel
 panic - not syncing: panic_on_warn set ..."

On Mon, Mar 18, 2019 at 6:27 AM Tetsuo Handa
<penguin-kernel@...ove.sakura.ne.jp> wrote:
>
> Dmitry Vyukov wrote:
> > > Then, we need to find what test is changing console_loglevel.
> > > Maybe add debug BUG_ON() in linux-next.git using CONFIG_DEBUG_AID_FOR_SYZBOT ?
> >
> > Is there a single place to catch this? I could run syzkaller locally
> > first with the check.
> >
>
> There is no such place. But not so many places change permanently.
> For x86, you can test with below patch applied.
>
> ---
>  drivers/tty/sysrq.c    |  1 +
>  kernel/printk/printk.c |  3 +++
>  kernel/sysctl.c        | 23 ++++++++++++++++++++++-
>  3 files changed, 26 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
> index fa0ce7d..ad73520 100644
> --- a/drivers/tty/sysrq.c
> +++ b/drivers/tty/sysrq.c
> @@ -91,6 +91,7 @@ static void sysrq_handle_loglevel(int key)
>         i = key - '0';
>         console_loglevel = CONSOLE_LOGLEVEL_DEFAULT;
>         pr_info("Loglevel set to %d\n", i);
> +       WARN_ONCE(i < CONSOLE_LOGLEVEL_DEFAULT, "Reducing console_loglevel to %d", i);
>         console_loglevel = i;
>  }
>  static struct sysrq_key_op sysrq_loglevel_op = {
> diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
> index 02ca827..70d1f8c 100644
> --- a/kernel/printk/printk.c
> +++ b/kernel/printk/printk.c
> @@ -1533,11 +1533,13 @@ int do_syslog(int type, char __user *buf, int len, int source)
>         case SYSLOG_ACTION_CONSOLE_OFF:
>                 if (saved_console_loglevel == LOGLEVEL_DEFAULT)
>                         saved_console_loglevel = console_loglevel;
> +               WARN_ONCE(minimum_console_loglevel < CONSOLE_LOGLEVEL_DEFAULT, "Reducing console_loglevel to %d", minimum_console_loglevel);
>                 console_loglevel = minimum_console_loglevel;
>                 break;
>         /* Enable logging to console */
>         case SYSLOG_ACTION_CONSOLE_ON:
>                 if (saved_console_loglevel != LOGLEVEL_DEFAULT) {
> +                       WARN_ONCE(saved_console_loglevel < CONSOLE_LOGLEVEL_DEFAULT, "Reducing console_loglevel to %d", saved_console_loglevel);
>                         console_loglevel = saved_console_loglevel;
>                         saved_console_loglevel = LOGLEVEL_DEFAULT;
>                 }
> @@ -1548,6 +1550,7 @@ int do_syslog(int type, char __user *buf, int len, int source)
>                         return -EINVAL;
>                 if (len < minimum_console_loglevel)
>                         len = minimum_console_loglevel;
> +               WARN_ONCE(len < CONSOLE_LOGLEVEL_DEFAULT, "Reducing console_loglevel to %d", len);
>                 console_loglevel = len;
>                 /* Implicitly re-enable logging to console */
>                 saved_console_loglevel = LOGLEVEL_DEFAULT;
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index b3df3ab..2170421 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -273,6 +273,27 @@ static int sysrq_sysctl_handler(struct ctl_table *table, int write,
>  int sysctl_legacy_va_layout;
>  #endif
>
> +static int proc_dointvec_loglevel(struct ctl_table *table, int write,
> +                                 void __user *buffer, size_t *lenp, loff_t *ppos)
> +{
> +       if (write && buffer && *lenp) {
> +               size_t len = *lenp;
> +               char *kbuf, *p;
> +
> +               if (len > PAGE_SIZE - 1)
> +                       len = PAGE_SIZE - 1;
> +               p = kbuf = memdup_user_nul(buffer, len);
> +               if (IS_ERR(kbuf))
> +                       return PTR_ERR(kbuf);
> +               while (*p && (*p < '0' || *p > '9'))
> +                       p++;
> +               len = *p ? strtoul(p, &p, 10) : CONSOLE_LOGLEVEL_DEFAULT;
> +               WARN_ONCE(len < CONSOLE_LOGLEVEL_DEFAULT, "Reducing console_loglevel to %d", (int) len);
> +               kfree(kbuf);
> +       }
> +       return proc_dointvec(table, write, buffer, lenp, ppos);
> +}
> +
>  /* The default sysctl tables: */
>
>  static struct ctl_table sysctl_base_table[] = {
> @@ -839,7 +860,7 @@ static int sysrq_sysctl_handler(struct ctl_table *table, int write,
>                 .data           = &console_loglevel,
>                 .maxlen         = 4*sizeof(int),
>                 .mode           = 0644,
> -               .proc_handler   = proc_dointvec,
> +               .proc_handler   = proc_dointvec_loglevel,
>         },
>         {
>                 .procname       = "printk_ratelimit",
> --
> 1.8.3.1


Thanks.
Running this for 10 mins I only got a bunch of these, so at least none
of these WARNs does not trigger immediately. But I will continue
running it.

WARNING in schedule_bh
kernel BUG at ./include/linux/mm.h:LINE!
WARNING in vkms_vblank_simulate
general protection fault in xfrmi_decode_session
INFO: task hung in corrupted
kernel BUG at drivers/android/binder_alloc.c:LINE!
BUG: unable to handle kernel NULL pointer dereference in
drm_atomic_helper_commit_modeset_disables
INFO: task hung in __rq_qos_throttle
WARNING in sk_stream_kill_queues

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ