Date:   Wed, 18 Nov 2020 22:57:08 +0900
From:   Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
To:     Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>, Will Deacon <will@...nel.org>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        linux-kernel@...r.kernel.org, Dmitry Vyukov <dvyukov@...gle.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH v3] lockdep: Allow tuning tracing capacity constants.

Peter, do you have a plan to make this problem actionable?

On 2020/10/18 22:02, Tetsuo Handa wrote:
> Peter, what do you think? Can we apply this patch?
> 
> A potential for-now workaround for syzkaller would be to allow syzkaller
> not to encounter the BUG: message (by masking the BUG: message on the kernel
> side) when hitting these limits, for continuing testing until the kernel
> crashes (due to other bugs like UAF) would be to some degree useful.
> 
> On 2020/10/10 21:58, Tetsuo Handa wrote:
>> Since syzkaller continues various test cases until the kernel crashes,
>> syzkaller tends to examine more locking dependencies than normal systems.
>> As a result, syzbot is reporting that the fuzz testing was terminated
>> due to hitting upper limits lockdep can track [1] [2] [3].
>>
>> Peter Zijlstra does not want to allow tuning these limits via kernel
>> config options, for such a change discourages thinking. But currently we
>> are not actionable, for lockdep does not report the culprit for hitting
>> these limits [4].
>>
>> Therefore, I propose this patch again, with a caveat that this patch is
>> expected to be reverted after lockdep becomes capable of reporting the
>> culprit, for I consider that "postpone fixing lock related problems in
>> existing code" is less painful than "not detecting lock related problems
>> introduced by new patches".
>>
>> [1] https://syzkaller.appspot.com/bug?id=3d97ba93fb3566000c1c59691ea427370d33ea1b
>> [2] https://syzkaller.appspot.com/bug?id=381cb436fe60dc03d7fd2a092b46d7f09542a72a
>> [3] https://syzkaller.appspot.com/bug?id=a588183ac34c1437fc0785e8f220e88282e5a29f
>> [4] https://lkml.kernel.org/r/CACT4Y+agTiEF-1i9LbAgp-q_02oYF0kAPZGAAJ==-wx2Xh7xzQ@mail.gmail.com
>>
>> Reported-by: syzbot <syzbot+cd0ec5211ac07c18c049@...kaller.appspotmail.com>
>> Reported-by: syzbot <syzbot+91fd909b6e62ebe06131@...kaller.appspotmail.com>
>> Reported-by: syzbot <syzbot+62ebe501c1ce9a91f68c@...kaller.appspotmail.com>
>> Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
>> Acked-by: Dmitry Vyukov <dvyukov@...gle.com>
>> ---
>>  kernel/locking/lockdep.c           |  2 +-
>>  kernel/locking/lockdep_internals.h |  8 +++---
>>  lib/Kconfig.debug                  | 40 ++++++++++++++++++++++++++++++
>>  3 files changed, 45 insertions(+), 5 deletions(-)
